Write logs

Rober_Fernandez · February 12, 2018, 4:04pm

I want to write several logs in the same connexion. The problem with logging framework is that only can filter a log;

For example, If i had three filters with log_metadata= T, i would like to write in three differents logs

filter-1.log

filter-3.log

filter-10.log

function filter_conn(id: Log::ID, path: string, rec: Conn::Info) : string {

local filters = Filter::filters;
local file_filter = “”;

for (i in filters) {

if (i?$log_metadata && i$log_metadata == T) {

file_filter = “filter-” + cat(i$id_fil);
break;
}
}

return file_filter;
}

event bro_init() {

local metadata: Log::Filter = [
$name=“metadata”,
$path=“metadata”,
$include=set(“ts”,“id.orig_h”, “id.orig_p”, “id.resp_h”, “id.resp_p”, “proto”, “service”,
“duration”, “orig_bytes”, “resp_bytes”, “missed_bytes”, “orig_pkts”, “resp_pkts”, “orig_file”,
“resp_file”),
$path_func=filter_conn
];

Log::add_filter(Conn::LOG, metadata);

}

With this code, I only return the first match, filter-1.log

How could I do this?

Thanks

Azoff_Justin_S · February 12, 2018, 4:11pm

The problem is that path_func is not for filtering, it is for splitting a single log stream into one or more different output files.
If you want to filter a log file, you need to use $pred, not $path_func.

You simply need to call Log::add_filter 3 times, once for each pred function.

Topic		Replies	Views
Question: using Log Filter Framework Zeek	3	93	May 6, 2022
Multiple logs in one SQLite database Development development	3	92	May 6, 2022
Logging to SQLite only writes to one file Zeek	1	69	May 6, 2022
multiple sqlite writers Zeek	3	108	May 6, 2022
How to create a CSV logging writer Zeek	5	226	May 6, 2022

Write logs

Related topics