I want to log all the streams that Bro has to offer. I did the following for one stream, but I am not getting the desired answer.

    redef LogAscii::use_json=T;
    redef LogAscii::json_timestamps = JSON::TS_ISO8601;
    export
    {
        # Append the value LOG to the Log::ID enumerable.
        redef enum Log::ID += { LOG };
    }
    event bro_init()
    {
        # Create the logging stream
        Log::create_stream(LOG, [$columns=IRC::Info, $path="irc"]);
        Log::write(LOG, IRC::Info);
    }

Can I get any help with this?
Are you feeding traffic into Bro? Bro will only create log files when it generates a log line which would go into that log.
Your script doesn't execute either; you are trying to pass a type (IRC::Info) into a field that expects a value of that type.
You also don't need to call Log::create_stream, it is part of the base IRC support which is loaded by default.
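
The points made in the answer above, as an added example that is not part of the original question or answer: the two `LogAscii` redefs already switch every ASCII-written stream to JSON, the IRC stream is left to the base scripts, and a separate stream is written with a record value rather than a type. The module name `IRCAudit`, the path `irc_audit` and the `note` field are hypothetical.

```bro
# Added example, not from the original post. IRCAudit, "irc_audit" and the
# note field are hypothetical names chosen for illustration.
@load base/protocols/irc

# These redefs apply to every stream handled by the ASCII writer, so the
# existing logs (conn, dns, irc, ...) all become JSON without further code.
redef LogAscii::use_json = T;
redef LogAscii::json_timestamps = JSON::TS_ISO8601;

module IRCAudit;

export {
	# New stream ID. The IRC stream itself already exists as IRC::LOG.
	redef enum Log::ID += { LOG };

	# Column layout of the new stream.
	type Info: record {
		ts:   time   &log;
		uid:  string &log;
		note: string &log;
	};
}

event bro_init()
	{
	# $columns takes the record *type* that describes the columns.
	Log::create_stream(IRCAudit::LOG, [$columns=Info, $path="irc_audit"]);
	}

# Raised by the base IRC scripts for each line written to irc.log.
# Here rec is a *value* of type IRC::Info.
event IRC::irc_log(rec: IRC::Info)
	{
	# Log::write takes a record value matching the stream's columns.
	local entry: Info = [$ts=rec$ts, $uid=rec$uid, $note="irc activity seen"];
	Log::write(IRCAudit::LOG, entry);
	}
```

Neither irc.log nor irc_audit.log appears unless Bro actually sees IRC traffic, on a live interface or from a capture file.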