From 0c8b5a712d1d3117e19b8fb13dbd505938dba75d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 1 Dec 2011 14:07:08 -0600 Subject: [PATCH] Add a remote_log_peer event which contains an event_peer record param. Addresses #493. --- .../base/frameworks/communication/main.bro | 7 ++++ src/RemoteSerializer.cc | 30 ++++++++++----- src/event.bif | 23 ++++++++++++ .../send.log | 17 +++++++++ .../communication_log_baseline.bro | 37 +++++++++++++++++++ 5 files changed, 104 insertions(+), 10 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log create mode 100644 testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro index 569ba140a9..01c608c8db 100644 --- a/scripts/base/frameworks/communication/main.bro +++ b/scripts/base/frameworks/communication/main.bro @@ -130,6 +130,13 @@ event remote_log(level: count, src: count, msg: string) do_script_log_common(level, src, msg); } +# This is a core generated event. +event remote_log_peer(p: event_peer, level: count, src: count, msg: string) + { + local rmsg = fmt("[#%d/%s:%d] %s", p$id, p$host, p$p, msg); + do_script_log_common(level, src, rmsg); + } + function do_script_log(p: event_peer, msg: string) { do_script_log_common(REMOTE_LOG_INFO, REMOTE_SRC_SCRIPT, msg); diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index a21a7abc60..3a24b8792a 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc 
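Review bot: The new `remote_log_peer` handler folds the peer into the message text with `fmt("[#%d/%s:%d] %s", p$id, p$host, p$p, msg)`, repeating the `"[#%d/%s:%d] "` prefix that RemoteSerializer::Log still builds in C++ for its debug output, so the two formats can drift apart unnoticed. The comment `# This is a core generated event.` does not mention this; I would expand it to `# Core-generated for log messages tied to a peer; the prefix mirrors the "[#%d/%s:%d] " format in RemoteSerializer::Log.` The baseline added in this commit shows the connected_peer_addr and connected_peer_port columns as `-` on these lines, so it may be worth checking whether `p` could fill them instead of only the message. `do_script_log_common` is defined outside the hunk, so I cannot tell whether it accepts those fields.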
@@ -2923,24 +2923,34 @@ void RemoteSerializer::Log(LogLevel level, const char* msg) void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer, LogSrc src) { + if ( peer ) + { + val_list* vl = new val_list(); + vl->append(peer->val->Ref()); + vl->append(new Val(level, TYPE_COUNT)); + vl->append(new Val(src, TYPE_COUNT)); + vl->append(new StringVal(msg)); + mgr.QueueEvent(remote_log_peer, vl); + } + else + { + val_list* vl = new val_list(); + vl->append(new Val(level, TYPE_COUNT)); + vl->append(new Val(src, TYPE_COUNT)); + vl->append(new StringVal(msg)); + mgr.QueueEvent(remote_log, vl); + } + const int BUFSIZE = 1024; char buffer[BUFSIZE]; - int len = 0; if ( peer ) - len += snprintf(buffer + len, sizeof(buffer) - len, - "[#%d/%s:%d] ", int(peer->id), ip2a(peer->ip), - peer->port); + len += snprintf(buffer + len, sizeof(buffer) - len, "[#%d/%s:%d] ", + int(peer->id), ip2a(peer->ip), peer->port); len += safe_snprintf(buffer + len, sizeof(buffer) - len, "%s", msg); - val_list* vl = new val_list(); - vl->append(new Val(level, TYPE_COUNT)); - vl->append(new Val(src, TYPE_COUNT)); - vl->append(new StringVal(buffer)); - mgr.QueueEvent(remote_log, vl); - DEBUG_COMM(fmt("parent: %.6f %s", current_time(), buffer)); } diff --git a/src/event.bif b/src/event.bif index d953ac78fe..0c2f7eb780 100644 --- a/src/event.bif +++ b/src/event.bif 
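Review bot: Both events now receive the raw `msg` through `new StringVal(msg)`, so the text reaching the script-level log is no longer capped at BUFSIZE as it was when `buffer` was passed. If any caller of Log() forwards text that originates from a peer, a single log entry can now be arbitrarily long. Messages with a peer are also no longer delivered through `remote_log`, so an existing handler that watches that event for peer errors would silently stop seeing them; that deserves a line in the change notes. The two branches differ only in the leading peer value and the handler, so they can share one val_list, and the sketch below does that while keeping a bound on the text. It assumes `peer->val` is always set for a non-null peer, which the hunk does not show.

```cpp
const int BUFSIZE = 1024;
char text[BUFSIZE];
// Keep an upper bound on the text handed to the script layer.
safe_snprintf(text, sizeof(text), "%s", msg);

val_list* vl = new val_list();
if ( peer )
	vl->append(peer->val->Ref());
vl->append(new Val(level, TYPE_COUNT));
vl->append(new Val(src, TYPE_COUNT));
vl->append(new StringVal(text));
mgr.QueueEvent(peer ? remote_log_peer : remote_log, vl);

// … unchanged: buffer/len prefix formatting and DEBUG_COMM (BUFSIZE now declared above) …
```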
@@ -444,6 +444,29 @@ event remote_state_inconsistency%(operation: string, id: string, # Generated for communication log message. event remote_log%(level: count, src: count, msg: string%); +## Generated for communication log messages. While this event is +## intended primarily for use by Bro's communication framework, it can also trigger +## additional code if helpful. This event is equivalent to +## :bro:see:`remote_log` except the message is with respect to a certain peer. +## +## p: A record describing the remote peer. +## +## level: The log level, which is either :bro:enum:`REMOTE_LOG_INFO` or +## :bro:enum:`REMOTE_LOG_ERROR`. +## +## src: The component of the comminication system that logged the message. +## Currently, this will be one of :bro:enum:`REMOTE_SRC_CHILD` (Bro's +## child process), :bro:enum:`REMOTE_SRC_PARENT` (Bro's main process), or +## :bro:enum:`REMOTE_SRC_SCRIPT` (the script level). +## +## msg: The message logged. +## +## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## remote_connection_established remote_connection_handshake_done +## remote_event_registered remote_pong remote_state_access_performed +## remote_state_inconsistency print_hook remote_log +event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); + # Generated when a remote peer has answered to our ping. event remote_pong%(p: event_peer, seq: count, d1: interval, d2: interval, d3: interval%); diff --git a/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log new file mode 100644 index 0000000000..9cf441d61a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log 
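Review bot: The new doc comment calls the event equivalent to `remote_log` apart from the peer, but it does not say that `msg` arrives without the `[#id/host:port]` prefix, nor that messages about a peer are now raised only through this event. Anyone who already handles `remote_log` to watch for peer errors needs that stated, so I would add `## Note: messages that concern a specific peer are raised only through this event, not also through remote_log.` The `src:` paragraph also has a typo, `comminication` for `communication`.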
@@ -0,0 +1,17 @@ +#separator \x09 +#path communication +#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message +#types time string string string addr port string string +1322759704.176437 bro parent - - - info raised pipe's socket buffer size from 8K to 1024K +1322759704.176437 bro parent - - - info [#1/127.0.0.1:47757] added peer +1322759704.183341 bro child - - - info [#1/127.0.0.1:47757] connected +1322759704.183738 bro parent - - - info [#1/127.0.0.1:47757] peer connected +1322759704.183738 bro parent - - - info [#1/127.0.0.1:47757] phase: version +1322759704.184034 bro script - - - info connection established +1322759704.184034 bro script - - - info requesting events matching /^?(NOTHING)$?/ +1322759704.184034 bro script - - - info accepting state +1322759704.185120 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake +1322759704.185120 bro parent - - - info warning: no events to request +1322759704.185120 bro parent - - - info terminating... +1322759704.185120 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro +1322759704.185120 bro parent - - - info [#1/127.0.0.1:47757] closing connection diff --git a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro new file mode 100644 index 0000000000..74ff297010 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro 
@@ -0,0 +1,37 @@
+#
+# @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro
+# @TEST-EXEC: btest-bg-run sender bro -b ../sender.bro
+# @TEST-EXEC: btest-bg-wait -k 2
+#
+# Don't diff the receiver log just because port is always going to change
+# @TEST-EXEC: grep -v pid sender/communication.log >send.log
+# @TEST-EXEC: btest-diff send.log
+
+@TEST-START-FILE sender.bro
+
+@load base/frameworks/communication/main
+
+redef Communication::nodes += {
+ ["foo"] = [$host = 127.0.0.1, $events = /NOTHING/, $connect=T]
+};
+
+event remote_connection_established(p: event_peer)
+ {
+ terminate_communication();
+ terminate();
+ }
+
+@TEST-END-FILE
+
+#############
+
+@TEST-START-FILE receiver.bro
+
+@load frameworks/communication/listen
+
+event remote_connection_closed(p: event_peer)
+ {
+ terminate();
+ }
+
+@TEST-END-FILE
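Review bot: The baseline this test diffs against contains the listening endpoint (`127.0.0.1:47757`), and neither script sets a port, so the test presumably depends on the receiver binding the default port and will fail when another instance on the host already holds it. The header comment only explains why the receiver log is skipped; I would add `# Relies on the receiver binding the default communication port, which appears in the baseline.` The 2-second limit in `btest-bg-wait -k 2` may also be tight on a loaded machine.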