[Bro] - logging postprocessor func

Johanna Amann johanna at icir.org
Thu Dec 28 12:52:12 PST 2017


At first glance this actually does not look bad to me - but I have not
tried this myself :).

Have you tried to do a bit of debugging with prints to see if your custom
postprocessor function is called by the core?

Johanna

On Mon, Dec 25, 2017 at 03:24:38PM +0200, william de ping wrote:
> Hello,
> 
> Has anyone ever had experience with setting a custom postprocessor func for a
> specific filter?
> 
> Here's what I want to do:
> 
> function rotation_postprocessor_func(info: Log::RotationInfo) : bool
>         {
>         # Move file to name including both opening and closing time.
>         local dst = fmt("/tmp/%s.%s.log", info$path,
>                         strftime(Log::default_rotation_date_format, info$open));
> 
>         system(fmt("/bin/mv %s %s", info$fname, dst));
> 
>         # Run default postprocessor.
>         return Log::run_rotation_postprocessor_cmd(info, dst);
>         }
> 
> 
> Log::add_filter(test_log::LOG,[
>     $name="test_log",
>     $path_func=test_log_func,
>     $config=table(["tsv"] = "T"),
>     $interv=100sec,
>     $postprocessor=rotation_postprocessor_func,
>     $include=set("ts")
>     ]);
> 
> 
> And when I run it in cluster mode/single instance mode, I see that the
> "test_log" logs are rotated like all the other logs, meaning that my /tmp/
> folder is empty.
> 
> Any ideas?
> 
> Thanks
> B
