Implement leftover log rotation/archival for supervised nodes

This helps prevent a node from being killed/crashing in the middle of writing a log, restarting, and eventually clobbering that log file that never underwent the rotation/archival process. The old `archive-log` and `post-terminate` scripts as used by ZeekControl previously implemented this behavior, but the new logic is entirely in the ASCII writer. It uses ".shadow" log files stored alongside the real log to help detect such scenarios and rotate them correctly upon the next startup of the Zeek process.
2025-10-02 14:48:21 +00:00 · 2020-06-24 14:28:54 -07:00 · 2020-06-24 14:28:54 -07:00 · 11949ce37a
commit 11949ce37a
parent a46e24091a
11 changed files with 523 additions and 17 deletions
--- a/src/logging/Manager.h
+++ b/src/logging/Manager.h
@ -4,6 +4,9 @@

 #pragma once

+#include <ctime>
+#include <string_view>
+
 #include "../Val.h"
 #include "../Tag.h"
 #include "../EventHandler.h"
@ -26,6 +29,19 @@ class RotationFinishedMessage;
 */
 class Manager : public plugin::ComponentManager<Tag, Component> {
 public:
+
+	/**
+	 * Returns a formatted string representing the given time.  This
+	 * string is used in the log file rotation process.
+	 */
+	static std::string FormatRotationTime(time_t t);
+
+	/**
+	 * Returns a formatted string representing the file rotation path.  This
+	 * string is used in the log file rotation process.
+	 */
+	static std::string FormatRotationPath(std::string_view path, time_t t);
+
 	/**
 	 * Constructor.
 	 */