
I've only tested that it compiles, not whether it still works. The fact that we don't have any tests for this makes me uneasy ... * remotes/origin/topic/seth/elasticsearch: (35 commits) Some documentation updates for elasticsearch plugin. Temporarily removing the ES timeout because it works with signals and is incompatible with Bro threads. Changed ES index names to localtime and added a meta index. New script for easily duplicating logs to ElasticSearch. Some better elasticsearch reliability. Fixed small elasticsearch problem in configure output. Re-adding the needed call to FinishedRotation in the ES writer plugin. Tiny updates. Bringing elasticsearch branch up to date with master. Adding a define to make the stdint C macros available. Adding an extra header. Fixed a bug with messed up time value passing to elasticsearch. Small updates and a little standardization for config.h.in naming. Bug fixes. Bug fix and feature. Forgot to call the parent method for DoHeartBeat. Changed the escaping method. Flush logs to ES daemon as Bro is shutting down. Reduce the batch size to 1000 and add a maximum time interval for batches. Reworked bulk operation string construction to use ODesc and added json escaping. ...
##! Internal functions and types used by the logging framework.
##!
##! The double-underscore functions in this file are the C++-backed
##! primitives: each one only unwraps its script-level arguments and
##! forwards the call to the logging manager, returning its boolean result.

module Log;
%%{
// C++ headers needed by the function bodies below.  The `log_mgr`
// pointer every wrapper calls into is expected to be provided by these
// headers (presumably logging/Manager.h) — confirm there.
#include "NetVar.h"
#include "logging/Manager.h"
%%}
# Forward declarations of record types that appear in the function
# signatures below; their fields are defined in script-land, this file
# only needs their names.  RotationInfo is declared here but not used by
# any function in this file.
type Filter: record;
type Stream: record;
type RotationInfo: record;
## Creates a logging stream by handing its definition to the logging manager.
##
## id: The enum value identifying the stream.
##
## stream: The Log::Stream record describing the stream.
##
## Returns: The manager's result; true if the stream was created.
function Log::__create_stream%(id: Log::ID, stream: Log::Stream%) : bool
	%{
	// Unwrap the script values, forward, and re-wrap the bool for script-land.
	return new Val(log_mgr->CreateStream(id->AsEnumVal(), stream->AsRecordVal()),
	               TYPE_BOOL);
	%}
## Enables a previously created logging stream.
##
## id: The enum value identifying the stream.
##
## Returns: The manager's result; true if the stream was enabled.
function Log::__enable_stream%(id: Log::ID%) : bool
	%{
	// Pure pass-through to the manager; only the return value is re-wrapped.
	return new Val(log_mgr->EnableStream(id->AsEnumVal()), TYPE_BOOL);
	%}
## Disables a logging stream.
##
## id: The enum value identifying the stream.
##
## Returns: The manager's result; true if the stream was disabled.
function Log::__disable_stream%(id: Log::ID%) : bool
	%{
	// Pure pass-through to the manager; only the return value is re-wrapped.
	return new Val(log_mgr->DisableStream(id->AsEnumVal()), TYPE_BOOL);
	%}
## Attaches a filter to a logging stream.
##
## id: The enum value identifying the stream.
##
## filter: The Log::Filter record describing the filter.
##
## Returns: The manager's result; true if the filter was added.
function Log::__add_filter%(id: Log::ID, filter: Log::Filter%) : bool
	%{
	// Unwrap enum and record, forward, and re-wrap the bool for script-land.
	return new Val(log_mgr->AddFilter(id->AsEnumVal(), filter->AsRecordVal()),
	               TYPE_BOOL);
	%}
## Removes a filter from a logging stream by name.
##
## id: The enum value identifying the stream.
##
## name: The name of the filter to remove; passed to the manager as-is.
##
## Returns: The manager's result; true if the filter was removed.
function Log::__remove_filter%(id: Log::ID, name: string%) : bool
	%{
	// Only the enum is unwrapped; the string value goes through unchanged.
	return new Val(log_mgr->RemoveFilter(id->AsEnumVal(), name), TYPE_BOOL);
	%}
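## Writes one entry to a logging stream.
##
## id: The enum value identifying the stream.
##
## columns: The record holding the entry's columns.  Typed ``any`` so
##          every stream can share this primitive, but it must be a record.
##
## Returns: False if *columns* is not a record, otherwise the manager's
##          result for the write.
function Log::__write%(id: Log::ID, columns: any%) : bool
	%{
	// `columns` arrives as `any`; AsRecordVal() on a non-record value is a
	// fatal type error inside the core, so refuse it with a script error and
	// a false result instead of letting a bad call take the process down.
	if ( columns->Type()->Tag() != TYPE_RECORD )
		{
		builtin_error("Log::__write() expects a record for 'columns'", columns);
		return new Val(false, TYPE_BOOL);
		}

	bool result = log_mgr->Write(id->AsEnumVal(), columns->AsRecordVal());
	return new Val(result, TYPE_BOOL);
	%}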
## Sets whether a logging stream's output is buffered.
##
## id: The enum value identifying the stream.
##
## buffered: True to buffer output, false to write it through.
##
## Returns: The manager's result; true if the setting was applied.
function Log::__set_buf%(id: Log::ID, buffered: bool%): bool
	%{
	// The bool parameter is already a native value; only the enum is unwrapped.
	return new Val(log_mgr->SetBuf(id->AsEnumVal(), buffered), TYPE_BOOL);
	%}
## Flushes a logging stream's pending output.
##
## id: The enum value identifying the stream.
##
## Returns: The manager's result; true if the flush was issued.
function Log::__flush%(id: Log::ID%): bool
	%{
	// Pure pass-through to the manager; only the return value is re-wrapped.
	return new Val(log_mgr->Flush(id->AsEnumVal()), TYPE_BOOL);
	%}
# Options for the ASCII writer.
#
# Declaring a script-level constant here makes its value reachable from
# the writer's C++ code.  No values are given in this file: the defaults
# and their documentation live with the script-level definitions.

module LogAscii;

const output_to_stdout: bool;
const include_meta: bool;
const meta_prefix: string;
const separator: string;
const set_separator: string;
const empty_field: string;
const unset_field: string;
# Options for the DataSeries writer.
#
# Same mechanism as above: these declarations expose the script-level
# constants to the writer's C++ code; values are defined in script-land.

module LogDataSeries;

const compression: string;
const extent_size: count;
const dump_schema: bool;
const use_integer_for_time: bool;
const num_threads: count;
# Options for the ElasticSearch writer.
#
# Same mechanism as above: these declarations expose the script-level
# constants to the writer's C++ code; values are defined in script-land.
#
# NOTE(review): the options declared here cover addressing (server_host,
# server_port), index/type naming and batching only.  Nothing in this set
# declares an authentication or transport-security setting for the
# connection to the ElasticSearch daemon, so confidentiality and integrity
# of log data in transit rest on how that daemon is reached — confirm
# against the writer implementation and the deployment.

module LogElasticSearch;

const cluster_name: string;
const server_host: string;
const server_port: count;
const index_prefix: string;
const type_prefix: string;
# NOTE(review): the commit description says the ES timeout was temporarily
# removed from the writer because it relies on signals and clashes with Bro
# threads, so this option may currently have no effect; a stalled daemon
# would then not be bounded by it — confirm in the writer.
const transfer_timeout: interval;
const max_batch_size: count;
const max_batch_interval: interval;
const max_byte_size: count;
# Options for the None writer.
#
# Same mechanism as above: exposes the script-level constant to the
# writer's C++ code; the value is defined in script-land.

module LogNone;

const debug: bool;