I want to log all the streams that Bro has to offer. I did the following for one stream, but I am not getting the desired answer.

redef LogAscii::use_json=T;
redef LogAscii::json_timestamps = JSON::TS_ISO8601;

export
{
    # Append the value LOG to the Log::ID enumerable.
    redef enum Log::ID += { LOG };
}

event bro_init()
{
    #Create the logging stream
    Log::create_stream(LOG, [$columns=IRC::Info, $path="irc"]);
    Log::write(LOG, IRC::Info) ; 
}

Can I get any help with this?

Seth Hall

1 Answer

Are you feeding traffic into Bro? Bro will only create log files when it generates a log line which would go into that log.

Your script doesn't execute either; you are trying to pass a type (IRC::Info) into a field that expects a value of that type.

You also don't need to call Log::create_stream, it is part of the base IRC support which is loaded by default.

Seth Hall
  • 1
    Thanks Seth for the reply. My problem was that Bro wasn't generating the logs for the frameworks because I didn't have any data that would lead all those scripts to run. Got that after some research into how Bro was written. – Abhiman talwar Jun 23 '16 at 05:11
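The type-versus-value distinction from the answer, shown on a custom stream. This is an added example, not code from the question or the answer; the module name `Example`, the record fields and the `example` log path are hypothetical.

```bro
# Added example: module name, record fields and log path are hypothetical.
module Example;

redef LogAscii::use_json = T;
redef LogAscii::json_timestamps = JSON::TS_ISO8601;

export {
    # Append a new stream ID to the Log::ID enum.
    redef enum Log::ID += { LOG };

    # Column layout of the stream; only fields marked &log are written.
    type Info: record {
        ts:   time   &log;
        note: string &log;
    };
}

event bro_init()
    {
    # $columns takes the record *type* that describes the columns.
    Log::create_stream(Example::LOG, [$columns=Info, $path="example"]);

    # Log::write takes a record *value* of that type, not the type itself.
    local rec: Info = [$ts=current_time(), $note="stream created"];
    Log::write(Example::LOG, rec);
    }

# Built-in streams such as IRC::LOG are already created by the base scripts
# that Bro loads by default, so they need no create_stream call here; their
# log files appear once Bro sees traffic that produces a log line for them.
```

Because `bro_init` writes one record itself, this stream produces a log file even with no traffic, which the built-in protocol logs will not do.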