Bro Logs Processing

- File location
  Bundled implementation: source/client/python/remote.py
  Cluster implementation: cluster/core/source/python/remote.py

Hook Mainloop

- remote.remote_proc()
  A context for running processes in the background.

  In the bundled implementation, this function also starts both remote_dump() and remote_logs() as new processes. In the cluster implementation, this function starts remote() as a new process.

  Note: Before exit, in the bundled implementation, it will send the SIGUSR1 signal to the remote_dump() background process and the SIGUSR2 signal to the remote_logs() background process, then wait for the processes to exit gracefully. In the cluster implementation, it will send the SIGUSR1 signal to the remote_logs() background process and wait for the process to exit gracefully.

- remote.remote_logs()
  Availability: bundled implementation

  Runtime mainloop for Python hooks.

  The function runs an indefinite loop that fetches paths to Bro logs from const.QUEUE_LOGS and executes the registered Python hooks on them. When JOIN_LOGS is set to True, the function breaks out of the loop and executes the registered Python hooks for closing (sites.EXIT).

  Raises: HookWarning – If hook execution failed.

- remote.remote()
  Availability: cluster implementation

  The function runs an indefinite loop that fetches paths to Bro logs from const.QUEUE and executes the registered Python hooks on them. When JOIN is set to True, the function breaks out of the loop and executes the registered Python hooks for closing (sites.EXIT).

  Raises: HookWarning – If hook execution failed.

- hook(log_name: str)
  Wrapper function for running registered Python hooks.

  Parameters: log_name (str) – Root folder of Bro logs.

- wrapper_logs(args: Tuple[Callable[[str], Any], str])
  Wrapper function for running registered Python hooks for processing (sites.HOOK).

- wrapper_func(func: Callable[[], Any])
  Wrapper function for running registered Python hooks for closing (sites.EXIT).

Signal Handling

Bundled Implementation

- remote.join_logs(*args, **kwargs)
  Availability: bundled implementation

  Toggle JOIN_LOGS to True.

  Note: This function is registered as the handler for SIGUSR2.

- remote.JOIN_LOGS = multiprocessing.Value('B', False)
  Availability: bundled implementation

  Flag to stop the remote_logs() background process.
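
The bundled-implementation pattern described above (a shared flag flipped by a SIGUSR2 handler, a queue-driven hook loop, and closing hooks on exit), as an added example that is not the project's own code. It reuses the documented names JOIN_LOGS, join_logs and remote_logs; the HookWarning class body, the hooks, the ready event, the results queue and the sample path are assumptions made for illustration, and it requires a POSIX system with fork.

```python
import multiprocessing
import os
import queue
import signal
import warnings

ctx = multiprocessing.get_context('fork')  # POSIX only (assumption)
JOIN_LOGS = ctx.Value('B', False)          # shared flag, shaped like the documented one

class HookWarning(Warning):
    """Hypothetical stand-in for the project's warning class."""

def join_logs(*args, **kwargs):
    JOIN_LOGS.value = True  # the handler only flips the flag; the loop does the work

def broken_hook(log_name):
    raise ValueError('constructed failure')

def remote_logs(log_queue, results, ready, hooks, exit_hooks):
    signal.signal(signal.SIGUSR2, join_logs)
    ready.set()  # the parent must not signal before the handler is installed
    while not JOIN_LOGS.value:
        try:
            log_name = log_queue.get(timeout=0.1)  # short timeout so the flag is re-checked
        except queue.Empty:
            continue
        for func in hooks:
            try:
                results.put(func(log_name))
            except Exception as error:  # a failing hook must not stop the mainloop
                warnings.warn(f'{func.__name__} failed: {error!r}', HookWarning)
                results.put(('warned', func.__name__, log_name))
    for func in exit_hooks:  # closing hooks run once, after the loop ends
        results.put(func())

def run_demo(path='/constructed/logs/2019-01-01'):  # constructed sample path
    JOIN_LOGS.value = False
    log_queue, results, ready = ctx.Queue(), ctx.Queue(), ctx.Event()
    hooks = [lambda name: ('processed', name), broken_hook]
    proc = ctx.Process(target=remote_logs,
                       args=(log_queue, results, ready, hooks, [lambda: ('closed',)]))
    proc.start()
    ready.wait(5)
    log_queue.put(path)
    seen = [results.get(timeout=5) for _ in range(2)]  # wait until the log is handled
    os.kill(proc.pid, signal.SIGUSR2)                  # ask the loop to stop
    seen.append(results.get(timeout=5))                # output of the closing hook
    proc.join(5)
    return seen, proc.exitcode
```

Without the ready event the parent could deliver SIGUSR2 before the child installs its handler, and the default action for that signal terminates the process instead of ending the loop cleanly.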