Getting Directory of Logs Output

Hi everyone,

I am using Zeek version 5.0.7. The file from which the logs are extracted is in zeek/base/frameworks/logging/writers/ascii.zeek, I state as follows

const logdir = "/directory/folder" &redef;

I want to access this from another .zeek file and add another subfolder. When I tried to add the file extension with @load, I could not handle this. How can I access that const logdir directory where the logs are output?

Thanks in advance,

The constant logdir is defined in the LogAscii module. You can refer to it by its fully qualified name LogAscii::logdir from anywhere. Note that LogAscii::logdir got superseded by the more general Log::default_logdir in more recent Zeek versions.

As a side note, to override constants declared &redef (i.e., redefinable) you should redefine them in a file controlled by you, e.g., local.zeek. That way your configuration changes are preserved across updates.

# In e.g., `local.zeek`.
redef LogAscii::logdir = "/tmp/logs";

The docs go into that in some detail.

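The approach from the answer above, as an added example that is not part of the original posts or of Zeek's own scripts: it redefines LogAscii::logdir at global scope and reads it back from a separate script to build a subfolder path. The module name LogSubdir, the constant subfolder and the function dir_path are hypothetical names chosen for illustration.

```zeek
# Added example; LogSubdir, subfolder and dir_path are hypothetical names.
@load base/frameworks/logging

module LogSubdir;

export {
	## Name of the subfolder to place below the ASCII writer's log directory.
	const subfolder = "subfolder" &redef;

	## Returns LogAscii::logdir with the subfolder appended.
	global dir_path: function(): string;
}

# redef is a top-level declaration: it has to sit at global scope,
# outside of any function or event body.
redef LogAscii::logdir = "/tmp/logs";

function dir_path(): string
	{
	# The constant is read through its module-qualified name.
	local base = LogAscii::logdir;

	# An empty logdir means logs go to the current working directory.
	if ( base == "" )
		return subfolder;

	return fmt("%s/%s", base, subfolder);
	}

event zeek_init()
	{
	# mkdir() is not recursive, so create the base directory first.
	if ( LogAscii::logdir != "" && ! mkdir(LogAscii::logdir) )
		Reporter::warning(fmt("could not create %s", LogAscii::logdir));

	local dir = dir_path();

	# mkdir() returns T if the directory was created or already exists.
	if ( mkdir(dir) )
		print fmt("subfolder ready: %s", dir);
	else
		Reporter::warning(fmt("could not create %s", dir));
	}
```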

Thanks for your reply @Benjamin_Bannier.

I can take that const variable, “logdir”. When I use in

function set_info(f: fa_file)
local LogDir = LogAscii::logdir;

LogDir is usable, that content is true. But I could not update LogAscii::logdir even though I wrote like that

redef LogAscii::logdir = "/tmp/logs";

Error says that syntax error, at or near \"redef"\ninternal error in that line includes above.

I couldn’t find what caused this situation.