mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
11c437faa3
- Log path's are generated in the scripting land
now. The default Log stream ID to path string
mapping works like this:
- Notice::LOG -> "notice"
- Notice::POLICY_LOG -> "notice_policy"
- TestModule::LOG -> "test_module"
- Logging streams updated across all of the shipped
scripts to be more user friendly. Instead of
the logging stream ID HTTP::HTTP, we now have
HTTP::LOG, etc.
- The priorities on some bro_init handlers have
been adjusted to make the process of applying
filters or disabling streams easier for users.
26 lines
714 B
Text
26 lines
714 B
Text
@load base/frameworks/notice
|
|
|
|
@prefixes += cluster-worker
|
|
|
|
# Load the script for local site configuration for the worker nodes.
|
|
@load site/local-worker
|
|
|
|
## Don't do any local logging.
|
|
redef Log::enable_local_logging = F;
|
|
|
|
## Make sure that remote logging is enabled.
|
|
redef Log::enable_remote_logging = T;
|
|
|
|
## Use the cluster's delete-log script.
|
|
redef Log::default_rotation_postprocessor_cmd = "delete-log";
|
|
|
|
## Record all packets into trace file.
|
|
# TODO: should we really be setting this to T?
|
|
redef record_all_packets = T;
|
|
|
|
# Workers need to have a filter for the notice log which doesn't
|
|
# do remote logging since we forward the notice event directly.
|
|
event bro_init()
|
|
{
|
|
Log::disable_stream(Notice::LOG);
|
|
}
|