Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

The ASCII writer can now deal with /dev/* paths.

Browse source 
It will not longer try to add a ".log" extension.
This commit is contained in:
Robin Sommer 2011-03-08 17:58:03 -08:00
parent 4b7c5905f1
commit 26eab74ecc
5 changed files with 49 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
TODO.logging
View file

@ -2,7 +2,6 @@ List of the things not implemented yet:
- Not sure if the logging does the right thing with &optional and - Not sure if the logging does the right thing with &optional and
&default values. Needs testing. &default values. Needs testing.
- Spawning writers in separate threads (not clear if we want that initially).
- Check the new event-value code. - Check the new event-value code.
- Configure Ascii Writer: - Configure Ascii Writer:

6
src/LogWriterAscii.cc
View file

@ -17,7 +17,7 @@ LogWriterAscii::~LogWriterAscii()
bool LogWriterAscii::DoInit(string path, int num_fields, const LogField* const * fields) bool LogWriterAscii::DoInit(string path, int num_fields, const LogField* const * fields)
{ {
fname = path + ".log"; fname = IsSpecial(path) ? path : path + ".log";
if ( ! (file = fopen(fname.c_str(), "w")) ) if ( ! (file = fopen(fname.c_str(), "w")) )
{ {
@ -135,6 +135,10 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields, Log
bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open, double close, bool terminating) bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open, double close, bool terminating)
{ {
if ( ! IsSpecial(Path()) )
// Don't rotate special files.
return true;
fclose(file); fclose(file);
string nname = rotated_path + ".log"; string nname = rotated_path + ".log";

2
src/LogWriterAscii.h
View file

@ -23,6 +23,8 @@ protected:
virtual void DoFinish(); virtual void DoFinish();
private: private:
bool IsSpecial(string path) { return path.find("/dev/") == 0; }
FILE* file; FILE* file;
string fname; string fname;
}; };

6
testing/btest/Baseline/logging.stdout/output Normal file
View file

@ -0,0 +1,6 @@
# t id.orig_h id.orig_p id.resp_h id.resp_p status country
1299635864.89679 1.2.3.4 1234 2.3.4.5 80 success unknown
1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure US
1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure UK
1299635864.89679 1.2.3.4 1234 2.3.4.5 80 success BR
1299635864.89679 1.2.3.4 1234 2.3.4.5 80 failure MX

36
testing/btest/logging/stdout.bro Normal file
View file

@ -0,0 +1,36 @@
#
# @TEST-EXEC: bro %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: test '!' -e ssh.log
module SSH;
export {
redef enum Log::ID += { SSH };
type Log: record {
t: time;
id: conn_id; # Will be rolled out into individual columns.
status: string &optional;
country: string &default="unknown";
};
}
event bro_init()
{
Log::create_stream(SSH, [$columns=Log]);
local filter = Log::get_filter(SSH, "default");
filter$path= "/dev/stdout";
Log::add_filter(SSH, filter);
local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
}