I’m working on some Bro scripts to log events directly to graphite and/or statsd. I have a working setup which builds a command string to be passed to Exec::run (or just plain old system()) that looks something like:
echo ‘some.graphite.metric 123’ | nc -u -w 1 graphitehost port
echo ‘some.statsd.metric:123|c’ | nc -u w 1 statsdhost port
So this has to go to the shell every time, and it depends on netcat.
I’m looking for a more elegant way to send UDP packets directly from Bro scripts, but can’t find anything so far. Any ideas?