Logging framework update and mass Log::ID renaming.

- Log path's are generated in the scripting land now. The default Log stream ID to path string mapping works like this: - Notice::LOG -> "notice" - Notice::POLICY_LOG -> "notice_policy" - TestModule::LOG -> "test_module" - Logging streams updated across all of the shipped scripts to be more user friendly. Instead of the logging stream ID HTTP::HTTP, we now have HTTP::LOG, etc. - The priorities on some bro_init handlers have been adjusted to make the process of applying filters or disabling streams easier for users.
2025-10-05 08:08:19 +00:00 · 2011-09-03 01:10:17 -04:00 · 2011-09-03 01:10:17 -04:00 · 11c437faa3
commit 11c437faa3
parent fe53091cd1
77 changed files with 391 additions and 619 deletions
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@ -172,8 +172,47 @@ function __default_rotation_postprocessor(info: RotationInfo) : bool

 function default_path_func(id: ID, path: string, rec: any) : string
 	{
-	# TODO for Seth: Do what you want. :)
-	return path;
+	local id_str = fmt("%s", id);
+	
+	local parts = split1(id_str, /::/);
+	if ( |parts| == 2 )
+		{
+		# TODO: the core shouldn't be suggesting paths anymore.  Only 
+		#       statically defined paths should be sent into here.  This
+		#       is only to cope with the core generated paths.
+		if ( to_lower(parts[2]) != path )
+			return path;
+		
+		# Example: Notice::LOG -> "notice"
+		if ( parts[2] == "LOG" )
+			{
+			local module_parts = split_n(parts[1], /[^A-Z][A-Z][a-z]*/, T, 4);
+			local output = "";
+			if ( 1 in module_parts )
+				output = module_parts[1];
+			if ( 2 in module_parts && module_parts[2] != "" )
+				output = cat(output, sub_bytes(module_parts[2],1,1), "_", sub_bytes(module_parts[2], 2, |module_parts[2]|));
+			if ( 3 in module_parts && module_parts[3] != "" )
+				output = cat(output, "_", module_parts[3]);
+			if ( 4 in module_parts && module_parts[4] != "" )
+				output = cat(output, sub_bytes(module_parts[4],1,1), "_", sub_bytes(module_parts[4], 2, |module_parts[4]|));
+			# TODO: There seems to be some problem with the split function 
+			#       not putting \0 at the end of the string.  fmt will make
+			#       a better internal string.
+			return fmt("%s", to_lower(output));
+			}
+		
+		# Example: Notice::POLICY_LOG -> "notice_policy"
+		if ( /_LOG$/ in parts[2] )
+			parts[2] = sub(parts[2], /_LOG$/, "");
+		
+		return cat(to_lower(parts[1]),"_",to_lower(parts[2]));
+		}
+	else
+		{
+		# In case there is a logging stream in the global namespace.
+		return to_lower(id_str);
+		}
 	}

 # Run post-processor on file. If there isn't any postprocessor defined,
@ -217,7 +256,7 @@ function add_filter(id: ID, filter: Filter) : bool
 	# definition.
 	if ( ! filter?$path_func )
 		filter$path_func = default_path_func;
-
+	
 	filters[id, filter$name] = filter;
 	return __add_filter(id, filter);
 	}