This script defines a postprocessing function that can be applied to a logging filter in order to automatically SFTP a log stream (or a subset of it) to a remote host at configurable rotation time intervals. Generally, to use this functionality you must handle the zeek_init event and do the following in your handler:
- Create a new Log::Filter record that defines a name/path and a rotation interval, and set its postprocessor to Log::sftp_postprocessor.
- Add the filter to a logging stream.
- Add a table entry to Log::sftp_destinations for the filter's writer/path pair which defines a set of remote destinations.
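The three steps above, worked through as a zeek_init handler. This is an added example, not code from the script's own documentation; it assumes the standard Zeek logging API names not spelled out on this page (Conn::LOG, Log::add_filter, Log::WRITER_ASCII, and the user/host/path fields of the Log::SFTPDestination record), that the filter uses the default ASCII writer, and that non-interactive (key-based) SSH authentication from the Zeek host to the remote host is already in place, since the transfer runs as a system command at rotation time.

```zeek
@load base/frameworks/logging/postprocessors/sftp

event zeek_init()
	{
	# Step 1: a filter on the conn stream with its own path, hourly rotation,
	# and the SFTP postprocessor. The optional predicate keeps only TCP
	# connections, illustrating the "subset of a log stream" case.
	local offsite: Log::Filter = [
		$name = "conn-offsite",
		$path = "conn-offsite",
		$interv = 1hr,
		$pred = function(rec: Conn::Info): bool { return rec$proto == tcp; },
		$postprocessor = Log::sftp_postprocessor
	];

	# Step 2: attach the filter to the logging stream.
	Log::add_filter(Conn::LOG, offsite);

	# Step 3: register destinations for this writer/path pair. The table is
	# indexed by the filter's writer (the default ASCII writer here) and path.
	# Hostname, user and remote path below are placeholders.
	Log::sftp_destinations[Log::WRITER_ASCII, "conn-offsite"] = set(
		Log::SFTPDestination($user = "zeeklogs",
		                     $host = "logs.example.internal",
		                     $path = "/srv/zeek/conn")
	);
	}
```

Each time the conn-offsite log rotates, the rotated file is uploaded to every destination in the set and the local copy is then removed; the entry can also be updated at run-time.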
Summary of the script's interface:
- Rotation date format option: default naming format for timestamps embedded into log filenames that use the SFTP rotator.
- Log::sftp_destinations: a table indexed by a particular log writer and filter path, that yields a set of remote destinations.
- SFTP destination record: a container that describes the remote destination for the SFTP command, comprised of the username, host, and path at which to upload the file.
Log::sftp_destinations: A table indexed by a particular log writer and filter path, that yields a set of remote destinations. The Log::sftp_postprocessor function queries this table upon log rotation and performs a secure transfer of the rotated log to each destination in the set. This table can be modified at run-time.
A container that describes the remote destination for the SFTP command, comprised of the username, host, and path at which to upload the file.
Log::sftp_postprocessor: Securely transfers the rotated log to all the remote hosts defined in Log::sftp_destinations and then deletes the local copy of the rotated log. It is not active when reading from trace files.
Parameter info: A record holding meta-information about the log file to be postprocessed.
Returns: True if the sftp system command was initiated, or if no destination was configured for the log described by info.