base/frameworks/logging/main.zeek¶
- Log¶
The Zeek logging interface.
See Logging Framework for an introduction to Zeek’s logging framework.
- Namespace
Log
- Imports
Summary¶
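Runtime Options¶
Log::default_rotation_dir | Default rotation directory to use for the dir field of Log::RotationPath during calls to Log::rotation_format_func.
Log::default_rotation_postprocessor_cmd_env | This table contains environment variables to be used for the Log::default_rotation_postprocessor_cmd command when executed via Log::run_rotation_postprocessor_cmd.
Redefinable Options¶
Log::default_ext_prefix | A prefix for extension fields which can be optionally prefixed on all log lines by setting the ext_func field in the log filter.
Log::default_field_name_map | Default field name mapping for renaming fields in a logging framework filter.
Log::default_logdir | Default logging directory.
Log::default_mail_alarms_interval | Default alarm summary mail interval.
Log::default_rotation_date_format | Default naming format for timestamps embedded into filenames.
Log::default_rotation_interval | Default rotation interval to use for filters that do not specify an interval.
Log::default_rotation_postprocessor_cmd | Default shell command to run on rotated files.
Log::default_rotation_postprocessors | Specifies the default postprocessor function per writer type.
Log::default_scope_sep | Default separator for log field scopes when logs are unrolled and flattened.
Log::default_writer | Default writer to use if a filter does not specify anything else.
Log::empty_field | Default string to use for empty fields.
Log::enable_local_logging | If true, local logging is by default enabled for all filters.
Log::enable_remote_logging | If true, remote logging is by default enabled for all filters.
Log::print_log_path | If Log::print_to_log is enabled to write to a print log, this is the path to which the print Log Stream writes.
Log::print_to_log | Set configuration for print statements redirected to logs.
Log::separator | Default separator to use between fields.
Log::set_separator | Default separator to use between elements of a set.
Log::unset_field | Default string to use for an unset &optional field.
Constants¶
Log::no_filter | Sentinel value for indicating that a filter was not found when looked up.
State Variables¶
Log::active_streams | The streams which are currently active and not disabled.
Types¶
Log::Filter | A filter type describes how to customize logging streams.
Log::ID | Type that defines an ID unique to each log stream.
Log::PolicyHook | A hook type to implement filtering policy at log filter granularity.
Log::PrintLogInfo | If Log::print_to_log is set to redirect, print statements will automatically populate log entries with the fields contained in this record.
Log::PrintLogType | Configurations for Log::print_to_log
Log::RotationFmtInfo | Information passed into rotation format callback function given by Log::rotation_format_func.
Log::RotationInfo | Information passed into rotation callback functions.
Log::RotationPath | A log file rotation path specification that’s returned by the user-customizable Log::rotation_format_func.
Log::RotationPostProcessorFunc | The function type for log rotation post processors.
Log::Stream | Type defining the content of a logging stream.
Log::StreamPolicyHook | A hook type to implement filtering policy.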
Redefinitions¶
|
|
Events¶
Log::log_print | Event for accessing logged print records.
Hooks¶
Log::log_stream_policy | The global log policy hook.
Functions¶
Log::add_default_filter | Adds a default Log::Filter record with name field set as “default” to a given logging stream.
Log::add_filter | Adds a custom filter to an existing logging stream.
Log::create_stream | Creates a new logging stream with the default filter.
Log::default_ext_func | Default log extension function in the case that you would like to apply the same extensions to all logs.
Log::default_path_func | Builds the default path values for log filters if not otherwise specified by a filter.
Log::disable_stream | Disables a currently enabled logging stream.
Log::enable_stream | Enables a previously disabled logging stream.
Log::flush | Flushes any currently buffered output for all the writers of a given logging stream.
Log::get_filter | Gets a filter associated with an existing logging stream.
Log::get_filter_names | Gets the names of all filters associated with an existing logging stream.
Log::remove_default_filter | Removes the Log::Filter with name field equal to “default”.
Log::remove_filter | Removes a filter from an existing logging stream.
Log::remove_stream | Removes a logging stream completely, stopping all the threads.
Log::rotation_format_func | A function that one may use to customize log file rotation paths.
Log::run_rotation_postprocessor_cmd | Runs a command given by Log::default_rotation_postprocessor_cmd on a rotated file.
Log::set_buf | Sets the buffering status for all the writers of a given logging stream.
Log::write | Writes a new log line/entry to a logging stream.
Detailed Interface¶
Runtime Options¶
- Log::default_rotation_dir¶
- Type
- Attributes
- Default
""
- Redefinition
from policy/frameworks/management/persistence.zeek
=: build_path(Management::get_spool_dir(), log-queue)
Default rotation directory to use for the dir field of Log::RotationPath during calls to Log::rotation_format_func. An empty string implies using the current working directory;
- Log::default_rotation_postprocessor_cmd_env¶
-
This table contains environment variables to be used for the Log::default_rotation_postprocessor_cmd command when executed via Log::run_rotation_postprocessor_cmd.
The entries in this table will be prepended with ZEEK_ARG_ as done by system_env.
Redefinable Options¶
- Log::default_ext_prefix¶
-
A prefix for extension fields which can be optionally prefixed on all log lines by setting the ext_func field in the log filter.
- Log::default_field_name_map¶
-
Default field name mapping for renaming fields in a logging framework filter. This is typically used to ease integration with external data storage and analysis systems.
- Log::default_logdir¶
-
Default logging directory. An empty string implies using the current working directory.
This directory is also used for rotated logs in cases where Log::rotation_format_func returns a record with an empty or unset dir field.
- Log::default_mail_alarms_interval¶
-
Default alarm summary mail interval. Zero disables alarm summary mails.
Note that this is overridden by the ZeekControl MailAlarmsInterval option.
- Log::default_rotation_date_format¶
-
Default naming format for timestamps embedded into filenames. Uses a strftime() style.
- Log::default_rotation_interval¶
-
Default rotation interval to use for filters that do not specify an interval. Zero disables rotation.
Note that this is overridden by the ZeekControl LogRotationInterval option.
- Log::default_rotation_postprocessor_cmd¶
-
Default shell command to run on rotated files. Empty for none.
- Log::default_rotation_postprocessors¶
- Type
table[Log::Writer] of function(info: Log::RotationInfo) : bool
- Attributes
- Default
{}
- Redefinition
from base/frameworks/logging/main.zeek
+=: Log::WRITER_ASCII = Log::default_ascii_rotation_postprocessor_func
- Redefinition
from base/frameworks/logging/writers/none.zeek
+=: Log::WRITER_NONE = LogNone::default_rotation_postprocessor_func
Specifies the default postprocessor function per writer type. Entries in this table are initialized by each writer type.
- Log::default_scope_sep¶
-
Default separator for log field scopes when logs are unrolled and flattened. This will be the string between field name components. For example, setting this to “_” will cause the typical field “id.orig_h” to turn into “id_orig_h”.
- Log::default_writer¶
- Type
- Attributes
- Default
Log::WRITER_ASCII
Default writer to use if a filter does not specify anything else.
- Log::empty_field¶
-
Default string to use for empty fields. This should be different from unset_field to make the output unambiguous. Individual writers can use a different value.
- Log::enable_local_logging¶
-
If true, local logging is by default enabled for all filters.
- Log::enable_remote_logging¶
-
If true, remote logging is by default enabled for all filters.
- Log::print_log_path¶
-
If Log::print_to_log is enabled to write to a print log, this is the path to which the print Log Stream writes.
- Log::print_to_log¶
- Type
- Attributes
- Default
Log::REDIRECT_NONE
Set configuration for print statements redirected to logs.
- Log::separator¶
-
Default separator to use between fields. Individual writers can use a different value.
- Log::set_separator¶
-
Default separator to use between elements of a set. Individual writers can use a different value.
- Log::unset_field¶
-
Default string to use for an unset &optional field. Individual writers can use a different value.
Constants¶
- Log::no_filter¶
- Type
- Default
{ name="<not found>" writer=Log::WRITER_ASCII path=<uninitialized> path_func=<uninitialized> include=<uninitialized> exclude=<uninitialized> log_local=T log_remote=T field_name_map={ } scope_sep="." ext_prefix="_" ext_func=lambda_<2528247166937952945> ; interv=0 secs postprocessor=<uninitialized> config={ } policy=<uninitialized> }
Sentinel value for indicating that a filter was not found when looked up.
State Variables¶
- Log::active_streams¶
- Type
table[Log::ID] of Log::Stream
- Default
{}
The streams which are currently active and not disabled. This table is not meant to be modified by users! Only use it for examining which streams are active.
Types¶
- Log::Filter¶
- Type
-
- name: string
Descriptive name to reference this filter.
- writer: Log::Writer &default = Log::default_writer &optional
The logging writer implementation to use.
- path: string &optional
Output path for recording entries matching this filter.
The specific interpretation of the string is up to the logging writer, and may for example be the destination file name. Generally, filenames are expected to be given without any extensions; writers will add appropriate extensions automatically.
If this path is found to conflict with another filter’s for the same writer type, it is automatically corrected by appending “-N”, where N is the smallest integer greater or equal to 2 that allows the corrected path name to not conflict with another filter’s.
- path_func: function(id: Log::ID, path: string, rec: any) : string &optional
A function returning the output path for recording entries matching this filter. This is similar to path but allows computing the string dynamically. It is ok to return different strings for separate calls, but be careful: it’s easy to flood the disk by returning a new string for each connection. Upon adding a filter to a stream, if neither path nor path_func is explicitly set by them, then Log::default_path_func is used.
- param id
The ID associated with the log stream.
- param path
A suggested path value, which may be either the filter’s path if defined, else a previous result from the function. If no path is defined for the filter, then the first call to the function will contain an empty string.
- param rec
An instance of the stream’s columns type with its fields set to the values to be logged.
- returns
The path to be used for the filter, which will be subject to the same automatic correction rules as the path field of Log::Filter in the case of conflicts with other filters trying to use the same writer/path pair.
- include: set[string] &optional
Subset of column names to record. If not given, all columns are recorded.
- exclude: set[string] &optional
Subset of column names to exclude from recording. If not given, all columns are recorded.
- log_local: bool &default = Log::enable_local_logging &optional
If true, entries are recorded locally.
- log_remote: bool &default = Log::enable_remote_logging &optional
If true, entries are passed on to remote peers.
- field_name_map: table[string] of string &default = Log::default_field_name_map &optional
Field name map to rename fields before the fields are written to the output.
- scope_sep: string &default = Log::default_scope_sep &optional
A string that is used for unrolling and flattening field names for nested record types.
- ext_prefix: string &default = Log::default_ext_prefix &optional
Default prefix for all extension fields. It’s typically prudent to set this to something that Zeek’s logging framework can’t normally write out in a field name.
- ext_func: function(path: string) : any &default = Log::default_ext_func &optional
Function to collect a log extension value. If not specified, no log extension will be provided for the log. The return value from the function must be a record.
- interv: interval &default = Log::default_rotation_interval &optional
Rotation interval. Zero disables rotation.
- postprocessor: function(info: Log::RotationInfo) : bool &optional
Callback function to trigger for rotated files. If not set, the default comes out of Log::default_rotation_postprocessors.
- config: table[string] of string &default = { } &optional
A key/value table that will be passed on to the writer. Interpretation of the values is left to the writer, but usually they will be used for configuration purposes.
- policy: Log::PolicyHook &optional
Policy hooks can adjust log entry values and veto the writing of a log entry for the record passed into it. Any hook that breaks from its body signals that Zeek won’t log the entry passed into it.
When no policy hook is defined, the filter inherits the hook from the stream it’s associated with.
A filter type describes how to customize logging streams.
- Log::ID¶
- Type
-
- Log::UNKNOWN¶
Dummy place-holder.
- Log::PRINTLOG¶
Print statements that have been redirected to a log stream.
- Broker::LOG¶
(present if base/frameworks/broker/log.zeek is loaded)
- Cluster::LOG¶
(present if base/frameworks/cluster/main.zeek is loaded)
- Config::LOG¶
(present if base/frameworks/config/main.zeek is loaded)
- DPD::LOG¶
(present if base/frameworks/analyzer/dpd.zeek is loaded)
- Analyzer::Logging::LOG¶
(present if base/frameworks/analyzer/logging.zeek is loaded)
- Files::LOG¶
(present if base/frameworks/files/main.zeek is loaded)
Logging stream for file analysis.
- Reporter::LOG¶
(present if base/frameworks/reporter/main.zeek is loaded)
- Notice::LOG¶
(present if base/frameworks/notice/main.zeek is loaded)
This is the primary logging stream for notices.
- Notice::ALARM_LOG¶
(present if base/frameworks/notice/main.zeek is loaded)
This is the alarm stream.
- Weird::LOG¶
(present if base/frameworks/notice/weird.zeek is loaded)
- Signatures::LOG¶
(present if base/frameworks/signatures/main.zeek is loaded)
- PacketFilter::LOG¶
(present if base/frameworks/packet-filter/main.zeek is loaded)
- Software::LOG¶
(present if base/frameworks/software/main.zeek is loaded)
- Intel::LOG¶
(present if base/frameworks/intel/main.zeek is loaded)
- Tunnel::LOG¶
(present if base/frameworks/tunnels/main.zeek is loaded)
- OpenFlow::LOG¶
(present if base/frameworks/openflow/plugins/log.zeek is loaded)
- NetControl::LOG¶
(present if base/frameworks/netcontrol/main.zeek is loaded)
- NetControl::DROP_LOG¶
(present if base/frameworks/netcontrol/drop.zeek is loaded)
- NetControl::SHUNT¶
(present if base/frameworks/netcontrol/shunt.zeek is loaded)
- Conn::LOG¶
(present if base/protocols/conn/main.zeek is loaded)
- DCE_RPC::LOG¶
(present if base/protocols/dce-rpc/main.zeek is loaded)
- DHCP::LOG¶
(present if base/protocols/dhcp/main.zeek is loaded)
- DNP3::LOG¶
(present if base/protocols/dnp3/main.zeek is loaded)
- DNS::LOG¶
(present if base/protocols/dns/main.zeek is loaded)
- FTP::LOG¶
(present if base/protocols/ftp/main.zeek is loaded)
- SSL::LOG¶
(present if base/protocols/ssl/main.zeek is loaded)
- X509::LOG¶
(present if base/files/x509/main.zeek is loaded)
- OCSP::LOG¶
(present if base/files/x509/log-ocsp.zeek is loaded)
- HTTP::LOG¶
(present if base/protocols/http/main.zeek is loaded)
- IRC::LOG¶
(present if base/protocols/irc/main.zeek is loaded)
- KRB::LOG¶
(present if base/protocols/krb/main.zeek is loaded)
- Modbus::LOG¶
(present if base/protocols/modbus/main.zeek is loaded)
- MQTT::CONNECT_LOG¶
(present if base/protocols/mqtt/main.zeek is loaded)
- MQTT::SUBSCRIBE_LOG¶
(present if base/protocols/mqtt/main.zeek is loaded)
- MQTT::PUBLISH_LOG¶
(present if base/protocols/mqtt/main.zeek is loaded)
- mysql::LOG¶
(present if base/protocols/mysql/main.zeek is loaded)
- NTLM::LOG¶
(present if base/protocols/ntlm/main.zeek is loaded)
- NTP::LOG¶
(present if base/protocols/ntp/main.zeek is loaded)
- RADIUS::LOG¶
(present if base/protocols/radius/main.zeek is loaded)
- RDP::LOG¶
(present if base/protocols/rdp/main.zeek is loaded)
- RFB::LOG¶
(present if base/protocols/rfb/main.zeek is loaded)
- SIP::LOG¶
(present if base/protocols/sip/main.zeek is loaded)
- SNMP::LOG¶
(present if base/protocols/snmp/main.zeek is loaded)
- SMB::MAPPING_LOG¶
(present if base/protocols/smb/main.zeek is loaded)
- SMB::FILES_LOG¶
(present if base/protocols/smb/main.zeek is loaded)
- SMTP::LOG¶
(present if base/protocols/smtp/main.zeek is loaded)
- SOCKS::LOG¶
(present if base/protocols/socks/main.zeek is loaded)
- SSH::LOG¶
(present if base/protocols/ssh/main.zeek is loaded)
- Syslog::LOG¶
(present if base/protocols/syslog/main.zeek is loaded)
- PE::LOG¶
(present if base/files/pe/main.zeek is loaded)
- Management::Log::LOG¶
(present if policy/frameworks/management/log.zeek is loaded)
- NetControl::CATCH_RELEASE¶
(present if policy/frameworks/netcontrol/catch-and-release.zeek is loaded)
- Telemetry::LOG¶
(present if policy/frameworks/telemetry/log.zeek is loaded)
- Telemetry::LOG_HISTOGRAM¶
(present if policy/frameworks/telemetry/log.zeek is loaded)
- CaptureLoss::LOG¶
(present if policy/misc/capture-loss.zeek is loaded)
- Traceroute::LOG¶
(present if policy/misc/detect-traceroute/main.zeek is loaded)
- LoadedScripts::LOG¶
(present if policy/misc/loaded-scripts.zeek is loaded)
- Stats::LOG¶
(present if policy/misc/stats.zeek is loaded)
- WeirdStats::LOG¶
(present if policy/misc/weird-stats.zeek is loaded)
- UnknownProtocol::LOG¶
(present if policy/misc/unknown-protocols.zeek is loaded)
- Known::HOSTS_LOG¶
(present if policy/protocols/conn/known-hosts.zeek is loaded)
- Known::SERVICES_LOG¶
(present if policy/protocols/conn/known-services.zeek is loaded)
- Known::MODBUS_LOG¶
(present if policy/protocols/modbus/known-masters-slaves.zeek is loaded)
- Modbus::REGISTER_CHANGE_LOG¶
(present if policy/protocols/modbus/track-memmap.zeek is loaded)
- SMB::CMD_LOG¶
(present if policy/protocols/smb/log-cmds.zeek is loaded)
- Known::CERTS_LOG¶
(present if policy/protocols/ssl/known-certs.zeek is loaded)
- ZeekygenExample::LOG¶
(present if zeekygen/example.zeek is loaded)
Type that defines an ID unique to each log stream. Scripts creating new log streams need to redef this enum to add their own specific log ID. The log ID implicitly determines the default name of the generated log file.
- Log::PolicyHook¶
- Type
hook(rec: any, id: Log::ID, filter: Log::Filter) : bool
A hook type to implement filtering policy at log filter granularity. Like Log::StreamPolicyHook, these can implement added functionality, alter the record prior to logging, or veto the write. These hooks run at log filter granularity, so they get a Log::Filter instance as an additional argument. You can pass additional state into the hook via the filter$config table.
- Param rec
An instance of the stream’s columns type with its fields set to the values to be logged.
- Param id
The ID associated with the logging stream the filter belongs to.
- Param filter
The Log::Filter instance that steers the output of the given log record.
- Log::PrintLogInfo¶
- Type
-
- ts: time &log
The network time at which the print statement was executed.
- vals: string_vec &log
Set of strings passed to the print statement.
If Log::print_to_log is set to redirect, print statements will automatically populate log entries with the fields contained in this record.
- Log::PrintLogType¶
- Type
-
- Log::REDIRECT_NONE¶
No redirection of print statements.
- Log::REDIRECT_STDOUT¶
Redirection of those print statements that were being logged to stdout, leaving behind those set to go to other specific files.
- Log::REDIRECT_ALL¶
Redirection of all print statements.
Configurations for Log::print_to_log
- Log::RotationFmtInfo¶
- Type
-
- writer: Log::Writer
The log writer being used.
- path: string
Original path value.
- open: time
Time when opened.
- close: time
Time when closed.
- terminating: bool
True if rotation occurred due to Zeek shutting down.
- postprocessor: Log::RotationPostProcessorFunc &optional
The postprocessor function that will be called after rotation.
Information passed into rotation format callback function given by Log::rotation_format_func.
- Log::RotationInfo¶
- Type
Information passed into rotation callback functions.
- Log::RotationPath¶
- Type
-
- dir: string &default = Log::default_rotation_dir &optional
A directory to rotate the log to. This directory is created just-in-time, as the log rotation is about to happen. If it cannot be created, an error is emitted and the rotation process tries to proceed with rotation inside the working directory. When setting this field, beware that renaming files across file systems will generally fail.
- file_basename: string
A base name to use for the rotated log. Log writers may later append a file extension of their choosing to this user-chosen base (e.g. if using the default ASCII writer and you want rotated files of the format “foo-<date>.log”, then this basename can be set to “foo-<date>” and the “.log” is added later). There are also generally means of customizing the file extension, like the ZEEK_LOG_SUFFIX environment variable or writer-dependent configuration options.
A log file rotation path specification that’s returned by the user-customizable Log::rotation_format_func.
- Log::RotationPostProcessorFunc¶
- Type
function(info: Log::RotationInfo) : bool
The function type for log rotation post processors.
- Log::Stream¶
- Type
-
- columns: any
A record type defining the log’s columns.
- ev: any &optional
Event that will be raised once for each log entry. The event receives a single parameter, an instance of type columns.
- path: string &optional
A path that will be inherited by any filters added to the stream which do not already specify their own path.
- policy: Log::PolicyHook &optional
Policy hooks can adjust log records and veto their writing. Any hook handler that breaks from its body signals that Zeek won’t log the entry passed into it. You can pass arbitrary state into the hook via the filter instance and its config table.
New filters created for this stream will inherit this policy hook, unless they provide their own.
- event_groups: set[string] &default = { } &optional
Event groups associated with this stream that are disabled when Log::disable_stream is invoked and re-enabled during Log::enable_stream.
This field can be used to short-circuit event handlers that are solely responsible for logging functionality at runtime when a log stream is disabled.
This field allows for both attribute event groups and module event groups. If a given group name exists as an attribute event group, a module event group, or both, it is disabled when the log stream is disabled and enabled when the stream is enabled again.
Type defining the content of a logging stream.
- Log::StreamPolicyHook¶
-
A hook type to implement filtering policy. Hook handlers run on each log record. They can implement arbitrary per-record processing, alter the log record, or veto the writing of the given record by breaking from the hook handler.
- Param rec
An instance of the stream’s columns type with its fields set to the values to be logged.
- Param id
The ID associated with the logging stream the filter belongs to.
Events¶
- Log::log_print¶
- Type
event(rec: Log::PrintLogInfo)
Event for accessing logged print records.
Hooks¶
- Log::log_stream_policy¶
-
The global log policy hook. The framework invokes this hook for any log write, prior to iterating over the stream’s associated filters. As with filter-specific hooks, breaking from the hook vetoes writing of the given log record. Note that filter-level policy hooks still get invoked after the global hook vetoes, but they cannot “un-veto” the write.
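The following script is an added example, not code from the Zeek distribution. It attaches a second filter with its own Log::PolicyHook to Conn::LOG, adds a handler for the global Log::log_stream_policy hook, and checks the Log::no_filter sentinel. The module name, hook name, filter name, output path and the address 192.0.2.10 are constructed for illustration.

```zeek
@load base/protocols/conn

module FilterExample;

export {
	## Hypothetical hook name used only by this example.
	global established_only: Log::PolicyHook;
}

# Filter-level hook: it receives the Log::Filter it is attached to.
# Breaking from the body vetoes the write for this filter only, so the
# default conn.log filter keeps logging every record.
hook established_only(rec: Conn::Info, id: Log::ID, filter: Log::Filter)
	{
	if ( ! rec?$conn_state || rec$conn_state != "SF" )
		break;
	}

# Global hook: invoked for every log write before the stream's filters
# are iterated. A veto here applies to all filters of the stream and
# cannot be undone by a filter-level hook.
hook Log::log_stream_policy(rec: any, id: Log::ID)
	{
	if ( id == Conn::LOG )
		{
		local c = rec as Conn::Info;

		# Constructed rule: skip records from an internal health-check
		# host (placeholder address from the documentation range).
		if ( c$id$orig_h == 192.0.2.10 )
			break;
		}
	}

event zeek_init()
	{
	# A fixed path plus an include set keeps the extra log small. A
	# path_func returning a new string per connection would instead
	# create one file per connection and can fill the disk.
	local f: Log::Filter = [
		$name = "conn-established",
		$path = "conn_established",
		$include = set("ts", "uid", "id.orig_h", "id.resp_h", "id.resp_p", "conn_state"),
		$policy = established_only
	];

	if ( ! Log::add_filter(Conn::LOG, f) )
		Reporter::warning("could not add conn-established filter");

	# Log::get_filter does not fail on an unknown name; it returns the
	# Log::no_filter sentinel, so compare the name field.
	local got = Log::get_filter(Conn::LOG, "no-such-filter");
	if ( got$name == Log::no_filter$name )
		print "filter not found";
	}
```

Because vetoes in the global hook silently remove records from every filter of a stream, keep such rules narrow and under change control so that gaps in conn.log can be explained during an investigation.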
Functions¶
- Log::add_default_filter¶
-
Adds a default Log::Filter record with name field set as “default” to a given logging stream.
- Parameters
id – The ID associated with a logging stream for which to add a default filter.
- Returns
The status of a call to Log::add_filter using a default Log::Filter argument with name field set to “default”.
See also:
Log::add_filter, Log::remove_filter, Log::remove_default_filter
- Log::add_filter¶
- Type
function(id: Log::ID, filter: Log::Filter) : bool
Adds a custom filter to an existing logging stream. If a filter with a matching name field already exists for the stream, it is removed when the new filter is successfully added.
- Parameters
id – The ID associated with the logging stream to filter.
filter – A record describing the desired logging parameters.
- Returns
True if the filter was successfully added, false if the filter was not added or the filter argument was not the correct type.
See also:
Log::remove_filter, Log::add_default_filter, Log::remove_default_filter, Log::get_filter, Log::get_filter_names
- Log::create_stream¶
- Type
function(id: Log::ID, stream: Log::Stream) : bool
Creates a new logging stream with the default filter.
- Parameters
id – The ID enum to be associated with the new logging stream.
stream – A record defining the content that the new stream will log.
- Returns
True if a new logging stream was successfully created and a default filter added to it.
See also:
Log::add_default_filter, Log::remove_default_filter
- Log::default_ext_func¶
-
Default log extension function in the case that you would like to apply the same extensions to all logs. The function must return a record with all of the fields to be included in the log. The default function included here does not return a value, which indicates that no extensions are added.
- Log::default_path_func¶
-
Builds the default path values for log filters if not otherwise specified by a filter. The default implementation uses id to derive a name. Upon adding a filter to a stream, if neither path nor path_func is explicitly set by them, then this function is used as the path_func.
- Parameters
id – The ID associated with the log stream.
path – A suggested path value, which may be either the filter’s path if defined, else a previous result from the function. If no path is defined for the filter, then the first call to the function will contain an empty string.
rec – An instance of the stream’s columns type with its fields set to the values to be logged.
- Returns
The path to be used for the filter.
- Log::disable_stream¶
-
Disables a currently enabled logging stream. Disabled streams will not be written to until they are enabled again. New streams are enabled by default.
- Parameters
id – The ID associated with the logging stream to disable.
- Returns
True if the stream is now disabled or was already disabled.
See also:
Log::enable_stream
- Log::enable_stream¶
-
Enables a previously disabled logging stream. Disabled streams will not be written to until they are enabled again. New streams are enabled by default.
- Parameters
id – The ID associated with the logging stream to enable.
- Returns
True if the stream is re-enabled or was not previously disabled.
See also:
Log::disable_stream
- Log::flush¶
-
Flushes any currently buffered output for all the writers of a given logging stream.
- Parameters
id – The ID associated with a logging stream for which to flush buffered data.
- Returns
True if all writers of a log stream were signalled to flush buffered data or if the logging stream is disabled, false if the logging stream does not exist.
See also:
Log::set_buf, Log::enable_stream, Log::disable_stream
- Log::get_filter¶
- Type
function(id: Log::ID, name: string) : Log::Filter
Gets a filter associated with an existing logging stream.
- Parameters
id – The ID associated with a logging stream from which to obtain one of its filters.
name – A string to match against the name field of a Log::Filter for identification purposes.
- Returns
A filter attached to the logging stream id matching name or, if no match is found, the Log::no_filter sentinel value.
See also:
Log::add_filter, Log::remove_filter, Log::add_default_filter, Log::remove_default_filter, Log::get_filter_names
- Log::get_filter_names¶
-
Gets the names of all filters associated with an existing logging stream.
- Parameters
id – The ID of a logging stream from which to obtain the list of filter names.
- Returns
The set of filter names associated with the stream.
See also:
Log::remove_filter, Log::add_default_filter, Log::remove_default_filter, Log::get_filter
- Log::remove_default_filter¶
-
Removes the Log::Filter with name field equal to “default”.
- Parameters
id – The ID associated with a logging stream from which to remove the default filter.
- Returns
The status of a call to Log::remove_filter using “default” as the argument.
See also:
Log::add_filter, Log::remove_filter, Log::add_default_filter
- Log::remove_filter¶
-
Removes a filter from an existing logging stream.
- Parameters
id – The ID associated with the logging stream from which to remove a filter.
name – A string to match against the name field of a Log::Filter for identification purposes.
- Returns
True if the logging stream’s filter was removed or if no filter associated with name was found.
See also:
Log::remove_filter, Log::add_default_filter, Log::remove_default_filter, Log::get_filter, Log::get_filter_names
- Log::remove_stream¶
-
Removes a logging stream completely, stopping all the threads.
- Parameters
id – The ID associated with the logging stream.
- Returns
True if the stream was successfully removed.
See also:
Log::create_stream
- Log::rotation_format_func¶
- Type
- Attributes
A function that one may use to customize log file rotation paths.
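As an added example (not code from the Zeek distribution), the script below redefines Log::rotation_format_func so that rotated logs land in a dedicated directory with the open and close times in the file name. It assumes the callback takes a Log::RotationFmtInfo and returns a Log::RotationPath, as the type descriptions on this page state; the function name, the directory name "rotated" and the one-hour interval are constructed.

```zeek
# Rotation must be enabled for the callback to run; zero disables it.
# Under ZeekControl the LogRotationInterval option overrides this value.
redef Log::default_rotation_interval = 1 hr;

# Hypothetical helper for this example: builds the rotated file's location.
function example_rotation_path(ri: Log::RotationFmtInfo): Log::RotationPath
	{
	local opened = strftime("%Y-%m-%d-%H-%M-%S", ri$open);
	local closed = strftime("%H-%M-%S", ri$close);
	local base = fmt("%s.%s-%s", ri$path, opened, closed);

	# Mark the final, possibly short, file written while Zeek shuts down
	# so that it is not mistaken for a full interval during review.
	if ( ri$terminating )
		base = fmt("%s.shutdown", base);

	# "rotated" is relative to the working directory and is created just
	# before rotation. Keep it on the same file system as the live logs:
	# renaming across file systems generally fails. The writer appends
	# its own extension (".log" for the ASCII writer) to the base name.
	return Log::RotationPath($dir="rotated", $file_basename=base);
	}

redef Log::rotation_format_func = example_rotation_path;
```

If the directory cannot be created, the framework emits an error and tries to rotate inside the working directory, so monitor for that error when rotated logs feed an archival or forwarding job.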
- Log::run_rotation_postprocessor_cmd¶
- Type
function(info: Log::RotationInfo, npath: string) : bool
Runs a command given by Log::default_rotation_postprocessor_cmd on a rotated file. Meant to be called from postprocessor functions that are added to Log::default_rotation_postprocessors.
- Parameters
info – A record holding meta-information about the log being rotated.
npath – The new path of the file (after already being rotated/processed by writer-specific postprocessor as defined in Log::default_rotation_postprocessors).
- Returns
True when Log::default_rotation_postprocessor_cmd is empty or the system command given by it has been invoked to postprocess a rotated log file.
See also:
Log::default_rotation_date_format, Log::default_rotation_postprocessor_cmd_env, Log::default_rotation_postprocessor_cmd, Log::default_rotation_postprocessors
- Log::set_buf¶
-
Sets the buffering status for all the writers of a given logging stream. A given writer implementation may or may not support buffering and if it doesn’t then toggling buffering with this function has no effect.
- Parameters
id – The ID associated with a logging stream for which to enable/disable buffering.
buffered – Whether to enable or disable log buffering.
- Returns
True if buffering status was set, false if the logging stream does not exist.
See also:
Log::flush
- Log::write¶
-
Writes a new log line/entry to a logging stream.
- Parameters
id – The ID associated with a logging stream to be written to.
columns – A record value describing the values of each field/column to write to the log stream.
- Returns
True if the stream was found and no error occurred in writing to it or if the stream was disabled and nothing was written. False if the stream was not found, or the columns argument did not match what the stream was initially defined to handle, or one of the stream’s filters has an invalid path_func.
See also:
Log::enable_stream, Log::disable_stream