From 26eab74ecc75dca0fb7f93f877167f3fe9e79ec4 Mon Sep 17 00:00:00 2001
From: Robin Sommer
Date: Tue, 8 Mar 2011 17:58:03 -0800
Subject: [PATCH] The ASCII writer can now deal with /dev/* paths. It will not longer try to add a ".log" extension.
---
 TODO.logging | 1 -
 src/LogWriterAscii.cc | 6 +++-
 src/LogWriterAscii.h | 2 ++
 testing/btest/Baseline/logging.stdout/output | 6 ++++
 testing/btest/logging/stdout.bro | 36 ++++++++++++++++++++
 5 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 testing/btest/Baseline/logging.stdout/output
 create mode 100644 testing/btest/logging/stdout.bro
diff --git a/TODO.logging b/TODO.logging
index 5ddca90ec7..1aa9132a55 100644
--- a/TODO.logging
+++ b/TODO.logging
@@ -2,7 +2,6 @@ List of the things not implemented yet: - Not sure if the logging does the right thing with &optional and &default values. Needs testing. - - Spawning writers in separate threads (not clear if we want that initially). - Check the new event-value code. - Configure Ascii Writer:
diff --git a/src/LogWriterAscii.cc b/src/LogWriterAscii.cc
index 6ba3f812f7..c38e49eb21 100644
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@@ -17,7 +17,7 @@ LogWriterAscii::~LogWriterAscii()
 bool LogWriterAscii::DoInit(string path, int num_fields, const LogField* const * fields)
 {
- fname = path + ".log";
+ fname = IsSpecial(path) ? path : path + ".log";
 if ( ! (file = fopen(fname.c_str(), "w")) )
 {
@@ -135,6 +135,10 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields, Log
 bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open, double close, bool terminating)
 {
+ if ( ! IsSpecial(Path()) )
+ // Don't rotate special files.
+ return true;
+
 fclose(file);
 string nname = rotated_path + ".log";
diff --git a/src/LogWriterAscii.h b/src/LogWriterAscii.h
index 9732242fba..0e060ea97e 100644
--- a/src/LogWriterAscii.h
+++ b/src/LogWriterAscii.h
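Review bot: In src/LogWriterAscii.cc, the guard added at the top of DoRotate is inverted relative to its own comment: `if ( ! IsSpecial(Path()) )` returns early for ordinary log files and lets /dev/* paths fall through to `fclose(file)` and the rotation code that follows. As written, regular logs would silently stop rotating, which matters for log retention and disk usage on a monitoring sensor, while a special file such as /dev/stdout would be closed and handed to the rotation path. The condition should read `if ( IsSpecial(Path()) )` with the `return true;` unchanged. The new stdout.bro test never triggers a rotation, so it would not catch this, and DoRotate's body continues outside the hunk, so the effect on the rename step is inferred rather than visible. DoInit tests its `path` argument while DoRotate tests `Path()`; presumably these are the same value, but that is worth confirming.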
@@ -23,6 +23,8 @@ protected:
 virtual void DoFinish();
 private:
+ bool IsSpecial(string path) { return path.find("/dev/") == 0; }
+
 FILE* file;
 string fname;
 };
diff --git a/testing/btest/Baseline/logging.stdout/output b/testing/btest/Baseline/logging.stdout/output
new file mode 100644
index 0000000000..d7dcbd4e48
--- /dev/null
+++ b/testing/btest/Baseline/logging.stdout/output
@@ -0,0 +1,6 @@
+# t id.orig_h id.orig_p id.resp_h id.resp_p status country
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 success unknown
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure US
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure UK
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 success BR
+1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure MX
diff --git a/testing/btest/logging/stdout.bro b/testing/btest/logging/stdout.bro
new file mode 100644
index 0000000000..15fd071b58
--- /dev/null
+++ b/testing/btest/logging/stdout.bro
@@ -0,0 +1,36 @@
+#
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+export {
+ redef enum Log::ID += { SSH };
+
+ type Log: record {
+ t: time;
+ id: conn_id; # Will be rolled out into individual columns.
+ status: string &optional;
+ country: string &default="unknown";
+ };
+}
+
+event bro_init()
+{
+ Log::create_stream(SSH, [$columns=Log]);
+
+ local filter = Log::get_filter(SSH, "default");
+ filter$path= "/dev/stdout";
+ Log::add_filter(SSH, filter);
+
+ local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+
+}
+
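Review bot: In src/LogWriterAscii.h, `IsSpecial` classifies a path purely by a leading "/dev/" string, so the check is lexical only: any path that merely starts with that prefix, including one that leaves /dev through `..` components, is opened verbatim by DoInit with no `.log` suffix. Whether filter paths can come from anything other than trusted script configuration is not visible here, so a short comment stating that the test is a plain prefix match and that paths are assumed to be operator-supplied would make the assumption explicit. The helper also copies its argument, is not const, and `find` scans the whole string before the result is compared with 0; `bool IsSpecial(const string& path) const { return path.compare(0, 5, "/dev/") == 0; }` avoids all three.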