logger.zeek

This is the core Zeek script to support the notion of a cluster logger.

The logger is passive (other Zeek instances connect to us), and once connected the logger receives logs from other Zeek instances. This script will be automatically loaded if necessary based on the type of node being started. This is where the cluster logger sets it’s specific settings for other frameworks and in the core.

Summary

State Variables

archiver_log_metadata: table &redef

Generic log metadata rendered into filename that zeek-archiver may interpret.

Redefinitions

`Log::default_mail_alarms_interval`: `interval` `&redef`	Alarm summary mail interval.
`Log::default_rotation_interval`: `interval` `&redef`	Log rotation interval.
`Log::default_rotation_postprocessor_cmd`: `string` `&redef`	Use the cluster’s archive logging script.
`Log::enable_local_logging`: `bool` `&redef`	Turn on local logging.
`Log::enable_remote_logging`: `bool` `&redef`	Turn off remote logging since this is the logger and should only log here.

Functions

`archiver_encode_log_metadata`: `function`	Encode the given table as zeek-archiver understood metadata part.
`archiver_rotation_format_func`: `function`	This function will rotate logs in a format compatible with zeek-archiver.

Detailed Interface

State Variables

archiver_log_metadata 

Type:: table [string] of string
Attributes:: &redef
Default:: {}

Generic log metadata rendered into filename that zeek-archiver may interpret.

Functions

archiver_encode_log_metadata 

Type:: function (tbl: table [string] of string) : string

Encode the given table as zeek-archiver understood metadata part.

archiver_rotation_format_func 

Type:: function (ri: Log::RotationFmtInfo) : Log::RotationPath

This function will rotate logs in a format compatible with zeek-archiver. If you’re using the Supervisor framework, this function will be used, if not, you can set Log::rotation_format_func to this function.