diff --git a/TODO.logging b/TODO.logging
index 5ddca90ec7..1aa9132a55 100644
--- a/TODO.logging
+++ b/TODO.logging
@@ -2,7 +2,6 @@ List of the things not implemented yet:
 - Not sure if the logging does the right thing with &optional and &default values. Needs testing.
- - Spawning writers in separate threads (not clear if we want that initially).
 - Check the new event-value code.
 - Configure Ascii Writer:
diff --git a/src/LogWriterAscii.cc b/src/LogWriterAscii.cc
index 6ba3f812f7..c38e49eb21 100644
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@@ -17,7 +17,7 @@ LogWriterAscii::~LogWriterAscii()
 bool LogWriterAscii::DoInit(string path, int num_fields, const LogField* const * fields)
 {
- fname = path + ".log";
+ fname = IsSpecial(path) ? path : path + ".log";
 if ( ! (file = fopen(fname.c_str(), "w")) )
 {
@@ -135,6 +135,10 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields, Log
 bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open, double close, bool terminating)
 {
+ if ( ! IsSpecial(Path()) )
+ // Don't rotate special files.
+ return true;
+
 fclose(file);
 string nname = rotated_path + ".log";
diff --git a/src/LogWriterAscii.h b/src/LogWriterAscii.h
index 9732242fba..0e060ea97e 100644
--- a/src/LogWriterAscii.h
+++ b/src/LogWriterAscii.h
@@ -23,6 +23,8 @@ protected:
 virtual void DoFinish();
 private:
+ bool IsSpecial(string path) { return path.find("/dev/") == 0; }
+
 FILE* file;
 string fname;
 };
diff --git a/testing/btest/Baseline/logging.stdout/output b/testing/btest/Baseline/logging.stdout/output
new file mode 100644
index 0000000000..d7dcbd4e48
--- /dev/null
+++ b/testing/btest/Baseline/logging.stdout/output
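Review bot: In `LogWriterAscii::DoInit` (src/LogWriterAscii.cc), the new `fname = IsSpecial(path) ? path : path + ".log";` passes any path that satisfies the check to `fopen(..., "w")` exactly as configured, and nothing at the assignment says so. Because `IsSpecial` is a purely textual prefix test, a value that starts with `/dev/` but contains `..` components would also be treated as special and opened without the `.log` suffix; whether filter paths can ever come from something less trusted than the site's own scripts is not visible in this diff. I would add a comment above the assignment, `// Paths under /dev/ (e.g. /dev/stdout) are opened as given, without ".log".`, and consider refusing paths that contain `..` before treating them as special. DoInit's body continues outside the hunk.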
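Review bot: The guard added at the top of `LogWriterAscii::DoRotate` looks inverted: `if ( ! IsSpecial(Path()) ) return true;` returns early for every path that is not under `/dev/`, which contradicts its own comment `// Don't rotate special files.` As written, ordinary log files would skip rotation, while a special file such as `/dev/stdout` would fall through to `fclose(file)` and the `nname` handling that follows. The condition should read `if ( IsSpecial(Path()) )`. Note also that DoInit tests its `path` argument while this tests `Path()`; presumably both hold the same value, but that accessor is defined outside this diff. The rest of DoRotate lies outside the hunk.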
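Review bot: `IsSpecial` in src/LogWriterAscii.h takes its argument by value and is not `const`, and `path.find("/dev/") == 0` keeps scanning the whole string when the prefix does not match. A cheaper and clearer form is `bool IsSpecial(const string& path) const { return path.compare(0, 5, "/dev/") == 0; }`. A one-line comment above it saying that "special" means a device path that is neither given the `.log` suffix nor rotated would help, since the name alone does not convey that.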
@@ -0,0 +1,6 @@
+# t id.orig_h id.orig_p id.resp_h id.resp_p status country
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 success unknown
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure US
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure UK
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 success BR
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure MX
diff --git a/testing/btest/logging/stdout.bro b/testing/btest/logging/stdout.bro
new file mode 100644
index 0000000000..15fd071b58
--- /dev/null
+++ b/testing/btest/logging/stdout.bro
@@ -0,0 +1,36 @@
+#
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+export {
+ redef enum Log::ID += { SSH };
+
+ type Log: record {
+ t: time;
+ id: conn_id; # Will be rolled out into individual columns.
+ status: string &optional;
+ country: string &default="unknown";
+ };
+}
+
+event bro_init()
+{
+ Log::create_stream(SSH, [$columns=Log]);
+
+ local filter = Log::get_filter(SSH, "default");
+ filter$path= "/dev/stdout";
+ Log::add_filter(SSH, filter);
+
+ local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+
+}
+
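Review bot: This test in testing/btest/logging/stdout.bro covers only opening and writing to `/dev/stdout`; the early return added to `LogWriterAscii::DoRotate` is never exercised, so a wrong condition there would not fail the suite. A companion case that triggers rotation while a `/dev/stdout` filter is active, plus one that checks a regular-path stream still rotates, would pin both branches; how rotation is configured is outside this diff. Minor style point: `filter$path= "/dev/stdout";` is missing a space before `=`.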