[Bro] How to create a CSV logging writer

Phil Stanhope stanhope at gmail.com
Sun Feb 2 13:14:19 PST 2014


In the call to add_filter, you can specify the $config option like this:

$config=table(["tsv"] = "T")

I've tested this and that coupled with the following in our .bro script
file:

redef LogAscii::include_meta = T;
redef LogAscii::separator = ",";

Results in the minimal CSV output.

I found an example of this in
the testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro
example/test file.

-phil



On Sat, Feb 1, 2014 at 5:17 PM, Jessica Smith <jes.smith.bro at aol.com> wrote:

> I know, but I need to print out a single header row with the column names
> and in this way I cannot do that.
>
>
>
> -----Original Message-----
> From: Matt Thompson <mthompson at hexwave.com>
> To: bro <bro at bro.org>
> Sent: Sat, Feb 1, 2014 10:37 pm
> Subject: Re: [Bro] How to create a CSV logging writer
>
>  Hi Jessica,
>
> I don't think you need a filter for CSV output.
>
> See:
> http://www.bro.org/sphinx/scripts/base/frameworks/logging/writers/ascii.html
>
> You can get CSV behavior without meta headers with:
>
> redef LogAscii::include_meta = F;
> redef LogAscii::separator = ",";
> redef LogAscii::set_separator = ";";
>
> Cheers,
> Matt Thompson
>
> On 2/1/14, 11:12 AM, Jessica Smith wrote:
>
> Hi,
>
>
> how can I add a new writer-specific filter option via "config" in Log::Filter? I need to store log entries in CSV format where only a single header row with the column names is printed out as meta information, with no "# fields" prepended and no other meta data gets included in that mode.
>
>
> Jessica
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
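
The settings discussed in this thread, combined into one script as an added example (not code from any poster or from the Bro distribution). The choice of the Conn::LOG stream and the filter name and path "conn-csv" / "conn_csv" are assumptions made for illustration.

```bro
# Added example: write a CSV copy of conn.log with a single header row.
# Assumes the ASCII writer supports the "tsv" filter option named in the thread.
@load base/protocols/conn

# These redefs are global: every ASCII log, including the default conn.log,
# switches to a comma separator.
redef LogAscii::include_meta = T;
redef LogAscii::separator = ",";

# The default set_separator is also ",", so set and vector fields would be
# indistinguishable from column boundaries. Use a different character.
redef LogAscii::set_separator = ";";

event bro_init()
	{
	# Copy the stream's default filter so the column selection stays the same,
	# then change only the name, output path and writer-specific config.
	local f = Log::get_filter(Conn::LOG, "default");
	f$name = "conn-csv";     # hypothetical filter name
	f$path = "conn_csv";     # hypothetical output file: conn_csv.log
	f$config = table(["tsv"] = "T");

	# A new filter name adds a second output next to conn.log.
	# Reusing the name "default" would replace the standard filter instead.
	Log::add_filter(Conn::LOG, f);
	}
```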