Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Files can now be logged; their filename will be written out.

Browse source
This commit is contained in:
Robin Sommer 2011-04-17 20:52:18 -07:00
parent c132506203
commit 29b0d0d1d9
5 changed files with 45 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/LogMgr.cc
View file

@ -65,7 +65,7 @@ struct LogMgr::Stream {
LogVal::~LogVal() LogVal::~LogVal()
{ {
if ( (type == TYPE_ENUM || type == TYPE_STRING) && present ) if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE) && present )
delete val.string_val; delete val.string_val;
if ( type == TYPE_TABLE && present ) if ( type == TYPE_TABLE && present )
@ -104,6 +104,7 @@ bool LogVal::IsCompatibleType(BroType* t, bool atomic_only)
case TYPE_INTERVAL: case TYPE_INTERVAL:
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE:
return true; return true;
case TYPE_RECORD: case TYPE_RECORD:
@ -206,6 +207,7 @@ bool LogVal::Read(SerializationFormat* fmt)
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE:
{ {
val.string_val = new string; val.string_val = new string;
return fmt->Read(val.string_val, "string"); return fmt->Read(val.string_val, "string");
@ -309,6 +311,7 @@ bool LogVal::Write(SerializationFormat* fmt) const
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE:
return fmt->Write(*val.string_val, "string"); return fmt->Write(*val.string_val, "string");
case TYPE_TABLE: case TYPE_TABLE:
@ -574,6 +577,11 @@ bool LogMgr::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, Tabl
// That's ok, handle it with all the other types below. // That's ok, handle it with all the other types below.
} }
else if ( t->Tag() == TYPE_FILE )
{
// That's ok, handle it with all the other types below.
}
else { else {
run_time("unsupported field type for log column"); run_time("unsupported field type for log column");
return false; return false;
@ -936,6 +944,13 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty)
break; break;
} }
case TYPE_FILE:
{
const BroFile* f = val->AsFile();
lval->val.string_val = new string(f->Name());
break;
}
case TYPE_TABLE: case TYPE_TABLE:
{ {
ListVal* set = val->AsTableVal()->ConvertToPureList(); ListVal* set = val->AsTableVal()->ConvertToPureList();

1
src/LogWriterAscii.cc
View file

@ -138,6 +138,7 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE:
{ {
int size = val->val.string_val->size(); int size = val->val.string_val->size();
if ( size ) if ( size )

4
src/Type.cc
View file

@ -748,6 +748,8 @@ RecordType::RecordType(TypeList* arg_base, type_decl_list* refinements)
void RecordType::Init(TypeList* arg_base) void RecordType::Init(TypeList* arg_base)
{ {
assert(false); // Is this ever used?
base = arg_base; base = arg_base;
if ( ! base ) if ( ! base )
@ -914,7 +916,7 @@ const char* RecordType::AddFields(type_decl_list* others, attr_list* attr)
log = true; log = true;
} }
} }
loop_over_list(*others, i) loop_over_list(*others, i)
{ {
TypeDecl* td = (*others)[i]; TypeDecl* td = (*others)[i];

2
testing/btest/Baseline/logging.file/ssh.log Normal file
View file

@ -0,0 +1,2 @@
# t f
1303098703.62603 Foo.log

23
testing/btest/logging/file.bro Normal file
View file

@ -0,0 +1,23 @@
#
# @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff ssh.log
module SSH;
export {
redef enum Log::ID += { SSH };
type Log: record {
t: time;
f: file;
} &log;
}
const foo_log = open_log_file("Foo") &redef;
event bro_init()
{
Log::create_stream(SSH, [$columns=Log]);
Log::write(SSH, [$t=network_time(), $f=foo_log]);
}