[Bro] send logs to custom server by socket
Daniel Guerra
daniel.guerra69 at gmail.com
Sun May 3 04:53:19 PDT 2015
Is this a Bro-only broker, or does it communicate via AMQP?
> On 01 May 2015, at 03:38, Hosom, Stephen M <hosom at battelle.org> wrote:
>
> I believe you likely want functionality that technically exists in Master.
>
> Check out remote logging with Broker... https://www.bro.org/sphinx-git/frameworks/broker.html#remote-logging
>
> I haven't played with that yet, so I can't be certain it does precisely what you want...
>
> Alternatively, you could just delete the logs after they rotate and send the logs via syslog with rsyslog, or your syslog daemon of choice.
>
> Let me know if that helps!
> ________________________________________
> From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Mo Jia [life.130815 at gmail.com]
> Sent: Thursday, April 30, 2015 1:17 AM
> To: bro at bro.org
> Subject: [Bro] send logs to custom server by socket
>
> Hello:
>
> If I don't want to log to disk, and want to send JSON logs to a remote
> server: when some code like Log::write(HTTP::LOG, c$http); runs, it
> sends the HTTP log to my server. Does this mean I need to change
> src/logging/writers/ascii? Or should I add a new writer, something
> like socket? I don't want to change the Bro scripts that already exist, so
> Log::write(HTTP::LOG, c$http) should not change. Or I think I could
> add a config like
>
> LOG_SERVER_IP = 192.168.100
> LOG_SERVER_PORT = 8087
>
> and all the http, notice and so on are all sent to the server.
> Any suggestions? Or has somebody already done this before?
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro