31 Aug
2011
31 Aug
'11
12:53 p.m.
#579: Syslog logging writer
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.7
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
Martin has completely convinced me of the need for this. I don't know
about timeline we should put on it though. The one thought I have about
it is that it needs to use TCP due to extremely long lines that Bro logs
tend to have. I think it would be ok for it to have the same output
rendering that the LogAscii writer has.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/579>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
30 Mar
30 Mar
12:12 p.m.
#579: Syslog logging writer
----------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Changes (by seth):
* priority: Normal => High
Comment:
Bumping priority because this could make integration with Martin Holste's
ELSA project much easier. I need to talk to him more about how it should
work to integrate best. I expect that the threaded logging framework
should make the integration very easy though.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/579#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
11 Jul
11 Jul
9:28 p.m.
#579: Syslog logging writer
----------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Changes (by seth):
* milestone: Bro2.1 => Bro2.2
Comment:
Not happening yet.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/579#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
2 Nov
2 Nov
7:35 p.m.
New subject: [Bro-Dev] #579: "Raw" logging writer (was: Syslog logging writer)
#579: "Raw" logging writer
----------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Description changed by seth:
Old description:
Martin has completely convinced me of the need for
this. I don't know
about timeline we should put on it though. The one thought I have about
it is that it needs to use TCP due to extremely long lines that Bro logs
tend to have. I think it would be ok for it to have the same output
rendering that the LogAscii writer has.
New description:
This was formerly a ticket about creating syslog logging writer, but I
think we found a better and more general approach in a "raw" writer. The
raw writer would abandon the normal tab separated output from the Ascii
writer and instead would be based on a templating format passed through
the config filter field. There should also be options for sending the
formatted data to files, sockets, and syslog.
This writer would open several doors for us:
* Direct integration from script-land with ELSA.
* Functional replacement for PRADS in script-land with integration into
Sguil.
* Direct script-land integration with the metrics framework and
Graphite.
Here is a made up example of creating a metrics filter for sending data to
Graphite:
{{{
Log::add_filter(Metrics::LOG, [$name="graphite",
$writer=Log::WRITER_RAW,
$path="tcp://1.2.3.4:2003/",
$config = table(["fmt"] = "{{metric}}
{{value}} {{ts}}")]);
}}}
--
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/579#comment:3>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
3196
days inactive
3626
days old
3 comments
1 participants
participants (1)
-
Bro Tracker