[Bro] Write logs

Rober Fernández roberixion at gmail.com
Mon Feb 12 08:04:55 PST 2018


I want to write several logs for the same connection. The problem with the
logging framework is that it can only filter a log.

For example, if I had three filters with log_metadata = T, I would like to
write to three different logs:

filter-1.log
filter-3.log
filter-10.log



# Path function for the Conn::LOG filter. Filter::filters and the id_fil and
# log_metadata fields belong to the poster's own Filter module, which is not
# shown here. A path function returns exactly one path per record, so this
# loop stops at the first filter with log_metadata set.
function filter_conn(id: Log::ID, path: string, rec: Conn::Info) : string
    {
    local filters = Filter::filters;
    local file_filter = "";

    for ( i in filters )
        {
        if ( i?$log_metadata && i$log_metadata )
            {
            file_filter = "filter-" + cat(i$id_fil);
            break;
            }
        }

    return file_filter;
    }

event bro_init()
    {
    local metadata: Log::Filter = [
        $name = "metadata",
        $path = "metadata",
        $include = set("ts", "id.orig_h", "id.orig_p", "id.resp_h",
                       "id.resp_p", "proto", "service", "duration",
                       "orig_bytes", "resp_bytes", "missed_bytes",
                       "orig_pkts", "resp_pkts", "orig_file", "resp_file"),
        # $path_func overrides $path for every record of this filter.
        $path_func = filter_conn
    ];

    Log::add_filter(Conn::LOG, metadata);
    }

With this code, I only return the first match, filter-1.log.

How could I do this?

Thanks
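As an added example (not code from the post above or from the Bro project), the following script shows the usual way to get one connection record into several log files: a single filter's $path_func can only name one path per record, so the fan-out is done by attaching one Log::Filter per output file to Conn::LOG, since every filter on a stream sees every record. The filter_ids set stands in for the poster's Filter::filters table, which is not shown; its values 1, 3 and 10 are constructed for illustration, and the $pred predicate is an assumed example of per-filter selection, not something the post asked for.

```bro
# Added example: write each Conn::Info record to several logs by registering
# several filters on Conn::LOG instead of choosing a path in one $path_func.
module FilterDemo;

export {
    # Constructed stand-in for the poster's Filter::filters table: the ids of
    # the filters that have log_metadata set. Each id gets its own log file.
    const filter_ids: set[count] = { 1, 3, 10 } &redef;
}

event bro_init()
    {
    for ( id in filter_ids )
        {
        # One filter per id. Filter names must be unique per stream, and the
        # path becomes the file name: filter-1.log, filter-3.log, filter-10.log.
        local f: Log::Filter = [
            $name = fmt("filter-%d", id),
            $path = fmt("filter-%d", id),
            # Only the metadata columns; standard Conn::Info fields only.
            $include = set("ts", "id.orig_h", "id.orig_p", "id.resp_h",
                           "id.resp_p", "proto", "service", "duration",
                           "orig_bytes", "resp_bytes", "missed_bytes",
                           "orig_pkts", "resp_pkts"),
            # Assumed per-record selection: skip connections with no
            # identified service. Each filter may use a different predicate.
            $pred(rec: Conn::Info) = { return rec?$service; }
        ];

        Log::add_filter(Conn::LOG, f);
        }
    }
```

Every record that passes a filter's $pred is written by that filter, so a single connection lands in all three files. The default filter keeps writing conn.log as well; call Log::remove_default_filter(Conn::LOG) in bro_init if only the per-id logs are wanted.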