[Bro-Dev] [JIRA] (BIT-579) "Raw" logging writer
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Thu Nov 7 07:52:31 PST 2013
[ https://bro-tracker.atlassian.net/browse/BIT-579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Seth Hall updated BIT-579:
--------------------------
Resolution: Fixed
Status: Closed (was: Open)
I can now recognize that this wasn't a great idea. :)
> "Raw" logging writer
> --------------------
>
> Key: BIT-579
> URL: https://bro-tracker.atlassian.net/browse/BIT-579
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Seth Hall
> Priority: High
> Fix For: 2.2
>
>
> This was formerly a ticket about creating a syslog logging writer, but I think we found a better and more general approach in a "raw" writer. The raw writer would abandon the normal tab-separated output from the Ascii writer and instead would be based on a templating format passed through the config filter field. There should also be options for sending the formatted data to files, sockets, and syslog.
> This writer would open several doors for us:
> * Direct integration from script-land with ELSA.
> * Functional replacement for PRADS in script-land with integration into Sguil.
> * Direct script-land integration with the metrics framework and Graphite.
> Here is a made-up example of creating a metrics filter for sending data to Graphite:
> {noformat}
> Log::add_filter(Metrics::LOG, [$name="graphite",
> $writer=Log::WRITER_RAW,
> $path="tcp://1.2.3.4:2003/",
> $config = table(["fmt"] = "{{metric}} {{value}} {{ts}}")]);
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
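
What the ticket's `fmt` template and `$path` value imply for a line-oriented receiver such as Graphite, as an added illustration; this is not Bro code and not part of the ticket. The helper names and sample records are assumptions, and the value scrubbing is an added safeguard, because a raw template writes field values (which may come from network traffic) straight into a format where spaces and newlines are delimiters.

```python
import re
from urllib.parse import urlsplit

# Hypothetical helpers for illustration; none of these names exist in Bro.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
UNSAFE = re.compile(r"[\x00-\x20\x7f]")  # whitespace and control characters


def clean(value):
    """Stringify a field so it cannot add a separator or a line break."""
    return UNSAFE.sub("_", str(value))


def render(fmt, record):
    """Expand {{field}} placeholders in fmt from record, one line per record.

    Raises KeyError when the template names a field the record lacks,
    rather than emitting a short line the receiver would misparse.
    """
    return PLACEHOLDER.sub(lambda m: clean(record[m.group(1)]), fmt) + "\n"


def parse_path(path):
    """Split a $path value such as tcp://host:port/ into its parts."""
    parts = urlsplit(path)
    if parts.scheme != "tcp" or not parts.hostname or parts.port is None:
        raise ValueError("unsupported destination: %r" % path)
    return parts.scheme, parts.hostname, parts.port


if __name__ == "__main__":
    fmt = "{{metric}} {{value}} {{ts}}"  # template from the ticket
    # Constructed records; the second has a line break inside a field value.
    records = [
        {"metric": "conn.count", "value": 42, "ts": 1383839551},
        {"metric": "http.host.a\nfake 1 1", "value": 7, "ts": 1383839552},
    ]
    print(parse_path("tcp://1.2.3.4:2003/"))
    for rec in records:
        print(render(fmt, rec), end="")
```

Without `clean`, the second record would reach the receiver as two lines, the second of them a data point that no log record produced.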