[Bro] - logging postprocessor func
william de ping
bill.de.ping at gmail.com
Tue Dec 26 04:59:28 PST 2017
Anyone?
Thanks
On Mon, Dec 25, 2017 at 3:24 PM, william de ping <bill.de.ping at gmail.com>
wrote:
> Hello,
>
> Anyone ever experienced with setting a custom postprocessor func to a
> specific filter?
>
> Here's what I want to do:
>
> function rotation_postprocessor_func(info: Log::RotationInfo) : bool
>     {
>     # Move file to name including both opening and closing time.
>     local dst = fmt("/tmp/%s.%s.log", info$path,
>                     strftime(Log::default_rotation_date_format,
>                              info$open));
>
>     system(fmt("/bin/mv %s %s", info$fname, dst));
>
>     # Run default postprocessor.
>     return Log::run_rotation_postprocessor_cmd(info, dst);
>     }
>
>
> Log::add_filter(test_log::LOG, [
>     $name="test_log",
>     $path_func=test_log_func,
>     $config=table(["tsv"] = "T"),
>     $interv=100sec,
>     $postprocessor=rotation_postprocessor_func,
>     $include=set("ts")
> ]);
>
>
> And when I run it in cluster mode\single instance mode, I see that the
> "test_log" logs are rotated like all the other logs, meaning that my /tmp/
> folder is empty.
>
> Any ideas?
>
> Thanks
> B
>