[Bro] Bro logs - enable_local_logging and remove_default_filter

Hovsep Levi hovsep.sanjay.levi at gmail.com
Thu Dec 13 07:25:04 PST 2018


Hi all,


Can you please help explain how to disable local logging?  I have been using
the KafkaWriter Bro plugin for many years now without a problem, but after
an upgrade to Bro 2.6 there is a problem.

The logs that are excluded from sending to Kafka are the logs that are
being written to disk.  In Bro config language that means the logs that are
not explicitly defined in KafkaLogger::logs_to_send.

Example from local.bro for KafkaLogger:

redef KafkaLogger::logs_to_send( CaptureLoss::LOG, etc... )


Historically I have modified the KafkaLogger plugin slightly to support
disabling the writing of logs to disk by adding a function call to
"Log::remove_default_filter" for each log.  With Bro 2.6 this no longer
seems to work the way it once did.

So I check the documentation at
https://www.bro.org/sphinx-git/scripts/base/frameworks/logging/main.bro.html
and see remove_default_filter still exists and also notice two variables
that might be relevant to my issue.

Log::enable_local_logging: bool &redef
    If true, local logging is by default enabled for all filters.

Log::enable_remote_logging: bool &redef
    If true, remote logging is by default enabled for all filters.

But when I try to set Log::enable_local_logging=0 within the KafkaLogger
plugin loop for each log I get an error.


Thanks in advance.

-Hovsep
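
The two approaches mentioned in the message above, sketched in Bro script as an added example that is not part of the original post or of the KafkaLogger plugin. The set `logs_to_kafka` is a hypothetical stand-in for the plugin's `KafkaLogger::logs_to_send`, and its two members are sample values.

```bro
# Hypothetical stand-in for the plugin's KafkaLogger::logs_to_send option;
# the two stream IDs are sample values.
const logs_to_kafka: set[Log::ID] = { Conn::LOG, DNS::LOG } &redef;

# Approach 1 (global): Log::enable_local_logging is documented as
# "bool &redef". It is a constant, so it is changed with a top-level redef
# using the bool literals T/F, not by assignment inside a handler or loop.
# Per the documentation it is the default for ALL filters, so it cannot
# single out individual streams:
#
#   redef Log::enable_local_logging = F;

# Approach 2 (per stream): remove the "default" filter, which is the one
# that writes the stream's log file to disk, from the selected streams only.
# Low priority so this runs after the bro_init handlers that create the
# streams; a stream that does not exist yet has no filter to remove.
event bro_init() &priority=-10
	{
	for ( id in Log::active_streams )
		{
		if ( id !in logs_to_kafka )
			next;

		# remove_default_filter returns F when no filter was removed.
		if ( ! Log::remove_default_filter(id) )
			Reporter::warning(fmt("no default filter removed for %s", id));
		}
	}
```

Streams left out of `logs_to_kafka` keep their default filter and continue to be written to disk.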