Hi,
How can I add a new writer-specific filter option via “config” in Log::Filter? I need to store log entries in CSV format where only a single header row with the column names is printed out as meta information, with no “# fields” prepended and no other meta data gets included in that mode.
Jessica
Have you considered post processing the log files with things like
sed/grep? You should also check out the values exported by
%INSTALL_PATH%/bro/share/bro/base/frameworks/logging/main.bro.
-Anthony
Hi Jessica,
I don't think you need a filter for CSV output.
See:
http://www.bro.org/sphinx/scripts/base/frameworks/logging/writers/ascii.html
You can get CSV behavior without meta headers with:
redef LogAscii::include_meta = F;
redef LogAscii::separator = ",";
redef LogAscii::set_separator = ";";
Cheers,
Matt Thompson
I know, but I need to print out a single header row with the column names and in this way I cannot do that.
In the call to add_filter, you can specify the $config option like this:
$config=table(["tsv"] = "T")
I’ve tested this and that coupled with the following in our .bro script file:
redef LogAscii::include_meta = T;
redef LogAscii::separator = ",";
Results in the minimal CSV output.
I found an example of this in the testing/btest/scripts/base/frameworks/logging/ascii-tsv.bro example/test file.
-phil
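The post-processing route suggested earlier in the thread, as an added example that is not part of any poster's message: a converter that keeps only the `#fields` line as a single CSV header row and drops every other meta line. The sample log is constructed, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of a default Bro ASCII log (tab-separated, full meta header).
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\thttp\n"
    "#open\t2014-01-01-00-00-00\n"
    "#fields\tts\tid.orig_h\thost\tuser_agent\n"
    "#types\ttime\taddr\tstring\tstring\n"
    "1388534400.000000\t192.0.2.10\texample.com\tMozilla/5.0 (X11, Linux)\n"
    "1388534401.500000\t192.0.2.11\t-\t-\n"
    "#close\t2014-01-01-00-00-02\n"
)


def decode_separator(token):
    """Turn the escaped '#separator' value (e.g. '\\x09') into the real character."""
    return token.encode("ascii").decode("unicode_escape")


def bro_log_to_csv(lines, out):
    """Write one header row taken from '#fields', then the data rows."""
    sep = "\t"
    writer = csv.writer(out, lineterminator="\n")  # quotes values containing commas
    header_written = False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("#separator"):
            # Only this line is space-delimited: the separator is not known yet.
            sep = decode_separator(line.split(" ", 1)[1])
        elif line.startswith("#fields" + sep):
            if not header_written:  # concatenated logs repeat the header
                writer.writerow(line.split(sep)[1:])
                header_written = True
        elif line.startswith("#") or not line:
            continue  # assumption: data rows never start with '#'
        else:
            writer.writerow(line.split(sep))


def convert(text):
    buf = io.StringIO()
    bro_log_to_csv(text.splitlines(), buf)
    return buf.getvalue()
```

Because the rows are written through the `csv` module, a field value that itself contains a comma is quoted, which a plain separator substitution would not do.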