Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/scripts/base/frameworks/logging
History
Seth Hall b28801ce95 Add unrolling separator & field name map to logging framework. 
- When a log record is being "unrolled" (sub-records flattened
   out into a single record), it's now possible to choose the
   character/string to separate the outer name from the inner
   name.  This can be used to work around the problems
   with ElasticSearch 2.0 not supporting dots "." in field names.
   This value can be provided per-filter as well as a global
   default value.
 - Log fields can be renamed by providing a table per-filter
   (or a global default) to rename fields for any log writer.
   The name translation is performed after unrolling so the
   value in the field name table must match whatever is being
   used to separate field names.

   For example if the unrolling separator was set to "*":
	redef Log::default_unrolling_sep = "*";

   The field name map would need to reflect it:
	redef Log::default_field_name_map = {
		["id*orig_h"] = "src",
		["id*orig_p"] = "src_port",
		["id*resp_h"] = "dst",
		["id*resp_p"] = "dst_port",
	};
2016-05-16 12:28:45 -04:00
..
sqlite Converting log writers and input readers to plugins. 2014-07-20 19:17:58 +02:00
adapt-filter.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
ascii-binary.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
ascii-empty.bro Reworking thread termination logic. 2012-07-19 21:21:53 -07:00
ascii-escape-binary.bro In bifs, change ODesc objects to have RAW_STYLE. 2015-04-16 21:50:50 -07:00
ascii-escape-notset-str.bro Fixing ASCII logger to escape the unset-field place-holder if written 2011-11-29 17:01:47 -08:00
ascii-escape-odd-url.bro Bugfix for log writer. 2011-09-11 21:33:09 -07:00
ascii-escape-set-separator.bro Merge remote branch 'origin/topic/jsiwek/log-escaping' 2011-12-19 06:37:54 -08:00
ascii-escape.bro Tests updates for recent open/close log change. 2012-07-27 12:39:11 -07:00
ascii-json-iso-timestamps.bro Updating a couple of tests. 2014-03-12 10:10:40 -04:00
ascii-json-optional.bro Merge branch 'master' of https://github.com/aeppert/bro 2015-10-26 16:52:47 -07:00
ascii-json.bro Added an option to the JSON formatter to use ISO 8601 for timestamps. 2014-03-10 14:22:35 -04:00
ascii-line-like-comment.bro Reworking thread termination logic. 2012-07-19 21:21:53 -07:00
ascii-options.bro Reworking thread termination logic. 2012-07-19 21:21:53 -07:00
ascii-timestamps.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
ascii-tsv.bro Renaming ASCII writer filter option 'only_single_header_row' to 'tsv'. 2012-12-03 14:40:38 -08:00
attr-extend.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
attr.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
disable-stream.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
empty-event.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
env-ext.test Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704) 2011-12-01 16:18:56 -06:00
events.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
exclude.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
field-name-map.bro Add unrolling separator & field name map to logging framework. 2016-05-16 12:28:45 -04:00
file.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
include.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
no-local.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
none-debug.bro Extending the log writer DoInit() API. 2012-06-21 17:42:33 -07:00
path-func-column-demote.bro Fix filter path_func to allow record argument as a subset of stream's columns. 2011-09-09 14:57:22 -05:00
path-func.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
pred.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
remote-config.bro Crashing bug in WriterBackend when deserializing WriterInfo where config 2015-02-23 13:54:44 -08:00
remote-types.bro Tests updates for recent open/close log change. 2012-07-27 12:39:11 -07:00
remote.bro Unit test tweaks/fixes. 2012-08-16 16:33:46 -05:00
remove.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
rotate-custom.bro Tweak to rotate-custom.bro unit test. 2012-08-21 15:22:54 -05:00
rotate.bro Fix for when not producing local output; that hung. 2012-05-17 12:38:47 -07:00
stdout.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
test-logging.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
types.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
unrolling_sep.bro Add unrolling separator & field name map to logging framework. 2016-05-16 12:28:45 -04:00
unrolling_sep_and_field_name_map.bro Add unrolling separator & field name map to logging framework. 2016-05-16 12:28:45 -04:00
unset-record.bro Reorganizing btest/policy directory to match new scripts/ organization 2011-08-11 10:43:11 -05:00
vec.bro Logging framework update and mass Log::ID renaming. 2011-09-03 01:10:17 -04:00
writer-path-conflict.bro Change path conflicts between log filters to be auto-corrected. 2012-07-26 16:55:49 -05:00