Package: base/frameworks/logging
The logging framework provides a flexible key-value based logging interface.
base/frameworks/logging/__load__.zeek
base/frameworks/logging/main.zeek
The Zeek logging interface.
See Logging Framework for an introduction to Zeek’s logging framework.
base/frameworks/logging/postprocessors/__load__.zeek
base/frameworks/logging/postprocessors/scp.zeek
This script defines a postprocessing function that can be applied to a logging filter in order to automatically SCP (secure copy) a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the
zeek_init
event and do the following in your handler:
Create a new
Log::Filter
record that defines a name/path, rotation interval, and set thepostprocessor
toLog::scp_postprocessor
.Add the filter to a logging stream using
Log::add_filter
.Add a table entry to
Log::scp_destinations
for the filter’s writer/path pair which defines a set ofLog::SCPDestination
records.
base/frameworks/logging/postprocessors/sftp.zeek
This script defines a postprocessing function that can be applied to a logging filter in order to automatically SFTP a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the
zeek_init
event and do the following in your handler:
Create a new
Log::Filter
record that defines a name/path, rotation interval, and set thepostprocessor
toLog::sftp_postprocessor
.Add the filter to a logging stream using
Log::add_filter
.Add a table entry to
Log::sftp_destinations
for the filter’s writer/path pair which defines a set ofLog::SFTPDestination
records.
base/frameworks/logging/writers/ascii.zeek
Interface for the ASCII log writer. Redefinable options are available to tweak the output format of ASCII logs.
The ASCII writer currently supports one writer-specific per-filter config option: setting
tsv
to the stringT
turns the output into “tab-separated-value” mode where only a single header row with the column names is printed out as meta information, with no “# fields” prepended; no other meta data gets included in that mode. Example filter using this:local f: Log::Filter = [$name = "my-filter", $writer = Log::WRITER_ASCII, $config = table(["tsv"] = "T")];
base/frameworks/logging/writers/sqlite.zeek
Interface for the SQLite log writer. Redefinable options are available to tweak the output format of the SQLite reader.
See SQLite Input/Logging for an introduction on how to use the SQLite log writer.
The SQL writer currently supports one writer-specific filter option via
config
: settingtablename
sets the name of the table that is used or created in the SQLite database. An example for this is given in the introduction mentioned above.
base/frameworks/logging/writers/none.zeek
Interface for the None log writer. This writer is mainly for debugging.