[
https://bro-tracker.atlassian.net/browse/BIT-579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Seth Hall updated BIT-579:
--------------------------
Resolution: Fixed
Status: Closed (was: Open)
I can now recognize that this wasn't a great idea. :)
> "Raw" logging writer
> --------------------
>
> Key: BIT-579
> URL: https://bro-tracker.atlassian.net/browse/BIT-579
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Seth Hall
> Priority: High
> Fix For: 2.2
>
>
> This was formerly a ticket about creating a syslog logging writer, but I think
> we found a better and more general approach in a "raw" writer. The raw
> writer would abandon the normal tab-separated output from the Ascii writer
> and instead would be based on a templating format passed through the config
> filter field. There should also be options for sending the formatted data to
> files, sockets, and syslog.
> This writer would open several doors for us:
> * Direct integration from script-land with ELSA.
> * Functional replacement for PRADS in script-land with integration into
> Sguil.
> * Direct script-land integration with the metrics framework and Graphite.
> Here is a made-up example of creating a metrics filter for sending data to
> Graphite:
> {noformat}
> Log::add_filter(Metrics::LOG, [$name="graphite",
>                                $writer=Log::WRITER_RAW,
>                                $path="tcp://1.2.3.4:2003/",
>                                $config = table(["fmt"] = "{{metric}} {{value}} {{ts}}")]);
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
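
The templating idea from the ticket, as an added example that is not part of the original message or of Bro's code: a Python sketch that expands the `{{field}}` format into one Graphite-style plaintext line and neutralizes whitespace and newlines in field values, so a single log field cannot split one record into several. The names `sanitize`, `render` and `FMT`, the escaping rule, and the sample records are assumptions; the ticket defines none of them.

```python
import re

# Hypothetical renderer for the "{{field}}" syntax sketched in the ticket.
# The ticket specifies no escaping rules; the ones below are assumptions.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
_UNSAFE = re.compile(r"[^A-Za-z0-9_.\-]")

# Same template as the ticket's made-up Graphite filter.
FMT = "{{metric}} {{value}} {{ts}}"


def sanitize(value):
    """Make one field safe for a space-delimited, newline-terminated line."""
    if isinstance(value, bool):          # bool is an int subclass; handle first
        return "1" if value else "0"
    if isinstance(value, (int, float)):
        return str(value)
    # Strings: anything outside a conservative allow-list becomes "_",
    # which removes spaces, tabs, CR/LF and template braces in one step.
    return _UNSAFE.sub("_", str(value))


def render(fmt, record):
    """Expand every {{name}} in fmt from record and terminate the line."""
    def expand(match):
        return sanitize(record[match.group(1)])   # KeyError on unknown field

    line = _PLACEHOLDER.sub(expand, fmt)
    # Sanitized values never contain braces, so leftovers mean a bad template.
    if "{{" in line or "}}" in line:
        raise ValueError("malformed placeholder in template")
    return line + "\n"


if __name__ == "__main__":
    # Constructed sample records; the second carries an embedded newline that
    # would otherwise smuggle a second metric line into the output stream.
    samples = [
        {"metric": "conn.count", "value": 42, "ts": 1365000000},
        {"metric": "http.requests\nfake.metric 999 0", "value": 42,
         "ts": 1365000000},
    ]
    for rec in samples:
        print(repr(render(FMT, rec)))
```
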