[Bro] - logging postprocessor func
william de ping
bill.de.ping at gmail.com
Mon Dec 25 05:24:38 PST 2017
Hello,
Has anyone ever had experience with setting a custom postprocessor func for a
specific filter?
Here's what I want to do:

function rotation_postprocessor_func(info: Log::RotationInfo) : bool
    {
    # Move file to name including both opening and closing time.
    local dst = fmt("/tmp/%s.%s.log", info$path,
                    strftime(Log::default_rotation_date_format,
                             info$open));
    system(fmt("/bin/mv %s %s", info$fname, dst));
    # Run default postprocessor.
    return Log::run_rotation_postprocessor_cmd(info, dst);
    }

Log::add_filter(test_log::LOG, [
    $name="test_log",
    $path_func=test_log_func,
    $config=table(["tsv"] = "T"),
    $interv=100sec,
    $postprocessor=rotation_postprocessor_func,
    $include=set("ts")
]);

And when I run it in cluster mode / single-instance mode, I see that the
"test_log" logs are rotated like all the other logs, meaning that my /tmp/
folder is empty.
Any ideas?
Thanks
B