[Bro] send logs to custom server by socket

Hosom, Stephen M hosom at battelle.org
Thu Apr 30 18:38:15 PDT 2015


I believe you likely want functionality that technically exists in Master. 

Check out remote logging with Broker... https://www.bro.org/sphinx-git/frameworks/broker.html#remote-logging

I haven't played with that yet, so I can't be certain it does precisely what you want... 

Alternatively, you could just delete the logs after they rotate and send the logs via syslog with rsyslog, or your syslog daemon of choice. 

Let me know if that helps!
________________________________________
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Mo Jia [life.130815 at gmail.com]
Sent: Thursday, April 30, 2015 1:17 AM
To: bro at bro.org
Subject: [Bro] send logs to custom server by socket

Hello:

If I don't want to log to disk, and want to send JSON logs to a remote
server, so that when some code like Log::write(HTTP::LOG, c$http); runs it
sends the HTTP log to my server. Does this mean I need to change
src/logging/writers/ascii? Or should I add a new writer, something
like socket? I don't want to change the Bro scripts that already exist, so
Log::write(HTTP::LOG, c$http) should not change. Or, I think, I could
add a config like

LOG_SERVER_IP = 192.168.100
LOG_SERVER_PORT = 8087

and all the http, notice and so on logs are all sent to the server.
Any suggestions? Or has somebody already done this before?
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
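Added example, not code from the thread, from Bro, or from either poster: a small out-of-process forwarder in the spirit of the LOG_SERVER_IP / LOG_SERVER_PORT idea above. It assumes Bro has been told to emit JSON (`redef LogAscii::use_json = T;`), takes the resulting one-object-per-line records, tags each with the log stream it came from (Bro's JSON output does not carry the stream name, so the receiver otherwise cannot tell http.log from notice.log), and ships them as newline-delimited JSON over a TCP socket. The sample lines, the `_log` field name, the `Collector` receiver and the host/port values are all constructed for the example; a real deployment would tail the live log files instead of a list.

```python
"""Forward Bro JSON log lines over TCP (hypothetical sidecar; not part of Bro)."""
import json
import socket
import threading

# Hypothetical settings modelled on the LOG_SERVER_IP / LOG_SERVER_PORT idea in the thread.
LOG_SERVER_IP = "127.0.0.1"
LOG_SERVER_PORT = 8087

# Constructed sample lines in the shape Bro writes with `redef LogAscii::use_json = T;`
# (one JSON object per line, field names as in http.log). The middle line is
# deliberately malformed to show that the forwarder drops it instead of dying.
SAMPLE_HTTP_LINES = [
    '{"ts":1430378220.123456,"uid":"CHhAvVGS1DHFjwGM9","id.orig_h":"192.168.1.10",'
    '"id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":80,"method":"GET",'
    '"host":"example.com","uri":"/","status_code":200}',
    'this line is not json and must be dropped',
    '{"ts":1430378221.5,"uid":"C4J4Th3PJpwUYZZ6gc","id.orig_h":"192.168.1.11",'
    '"id.orig_p":51235,"id.resp_h":"93.184.216.34","id.resp_p":80,"method":"POST",'
    '"host":"example.com","uri":"/login","status_code":302}',
]


def tag_records(lines, log_name):
    """Parse JSON lines, drop anything unparsable, and add a '_log' field naming the stream."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # not a JSON object: skip rather than abort the whole batch
        if not isinstance(rec, dict):
            continue
        rec["_log"] = log_name  # hypothetical field; Bro's JSON lines carry no stream name
        out.append(rec)
    return out


def forward_records(records, host=LOG_SERVER_IP, port=LOG_SERVER_PORT):
    """Send records as newline-delimited JSON over one TCP connection; return the count sent."""
    sent = 0
    with socket.create_connection((host, port), timeout=5) as s:
        for rec in records:
            s.sendall((json.dumps(rec, sort_keys=True) + "\n").encode("utf-8"))
            sent += 1
    return sent


class Collector:
    """Minimal receiving end, used here only so the example runs offline on loopback."""

    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))  # port 0: let the OS pick a free port
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.received = []
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        conn, _ = self.sock.accept()
        with conn:
            buf = b""
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        for line in buf.decode("utf-8").splitlines():
            if line:
                self.received.append(json.loads(line))
        self.sock.close()

    def wait(self, timeout=5):
        self.thread.join(timeout)
        return self.received


def demo():
    """Forward the constructed http.log lines to a loopback collector; return (sent, received)."""
    collector = Collector()
    records = tag_records(SAMPLE_HTTP_LINES, "http")
    sent = forward_records(records, "127.0.0.1", collector.port)
    return sent, collector.wait()


if __name__ == "__main__":
    n, got = demo()
    print(n, "records forwarded;", len(got), "received")
    for r in got:
        print(r["_log"], r["id.orig_h"], r["method"], r["uri"])
```

The receiver sees the same fields Bro wrote plus the stream tag, so one socket can carry http, notice and any other stream without changing the Bro scripts that call Log::write. This still goes through disk on the sensor side, as the rsyslog route in the reply does; only Broker remote logging avoids the local file entirely.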