[Bro] Bro logs - enable_local_logging and remove_default_filter

Hovsep Levi hovsep.sanjay.levi at gmail.com
Tue Dec 18 13:18:36 PST 2018


On Thu, Dec 13, 2018 at 9:51 PM Johanna Amann <johanna at icir.org> wrote:

>
> I just looked and I did not really see any big way in which this changed.
> Could you perhaps provide a code-snippet that does not work anymore?
>
>
I modify the KafkaLogger script (logs-to-kafka.bro) and add
Log::remove_default_filter before the call to Log::add_filter.



> I also just tried a minimal example script and Log::remove_default_filter
> seems to work as expected.
>
>
It works for some of the logs except:

ls -l bro/logs/current/
total 511992
-rw-r--r--  1 bro  bro    1032325 Dec 18 07:15 broker.log
-rw-r--r--  1 bro  bro  666385163 Dec 18 07:15 conn.log
-rw-r--r--  1 bro  bro      12994 Dec 18 07:15 dce_rpc.log
-rw-r--r--  1 bro  bro  223181005 Dec 18 07:15 files.log
-rw-r--r--  1 bro  bro       5780 Dec 18 07:15 smb_files.log
-rw-r--r--  1 bro  bro       3283 Dec 18 07:15 smb_mapping.log
-rw-r--r--  1 bro  bro    5077483 Dec 18 07:15 stderr.log
-rw-r--r--  1 bro  bro        187 Dec 13 14:45 stdout.log



[...]
>
> > But when I try to set Log::enable_local_logging=0 within the KafkaLogger
> > plugin loop for each log I get an error.
>
> This is probably a misunderstanding. Log::enable_local_logging is not a
> per-log setting - so there is nothing to loop over.
>
>
>
Ok, thanks.