Files can now be logged; their filename will be written out.

2025-10-02 14:48:21 +00:00 · 2011-04-17 20:52:18 -07:00 · 2011-04-17 20:52:18 -07:00 · 29b0d0d1d9
commit 29b0d0d1d9
parent c132506203
5 changed files with 45 additions and 2 deletions
--- a/src/LogMgr.cc
+++ b/src/LogMgr.cc
@ -65,7 +65,7 @@ struct LogMgr::Stream {

 LogVal::~LogVal()
 	{
-	if ( (type == TYPE_ENUM || type == TYPE_STRING) && present )
+	if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE) && present )
 		delete val.string_val;

 	if ( type == TYPE_TABLE && present )
@ -104,6 +104,7 @@ bool LogVal::IsCompatibleType(BroType* t, bool atomic_only)
 	case TYPE_INTERVAL:
 	case TYPE_ENUM:
 	case TYPE_STRING:
+	case TYPE_FILE:
 		return true;

 	case TYPE_RECORD:
@ -206,6 +207,7 @@ bool LogVal::Read(SerializationFormat* fmt)

 	case TYPE_ENUM:
 	case TYPE_STRING:
+	case TYPE_FILE:
 		{
 		val.string_val = new string;
 		return fmt->Read(val.string_val, "string");
@ -309,6 +311,7 @@ bool LogVal::Write(SerializationFormat* fmt) const

 	case TYPE_ENUM:
 	case TYPE_STRING:
+	case TYPE_FILE:
 		return fmt->Write(*val.string_val, "string");

 	case TYPE_TABLE:
@ -574,6 +577,11 @@ bool LogMgr::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, Tabl
 				// That's ok, handle it with all the other types below.
 				}

+			else if ( t->Tag() == TYPE_FILE )
+				{
+				// That's ok, handle it with all the other types below.
+				}
+
 			else {
 				run_time("unsupported field type for log column");
 				return false;
@ -936,6 +944,13 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty)
 		break;
 		}

+	case TYPE_FILE:
+		{
+		const BroFile* f = val->AsFile();
+		lval->val.string_val = new string(f->Name());
+		break;
+		}
+
 	case TYPE_TABLE:
 		{
 		ListVal* set = val->AsTableVal()->ConvertToPureList();
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@ -138,6 +138,7 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)

 	case TYPE_ENUM:
 	case TYPE_STRING:
+	case TYPE_FILE:
 		{
 		int size = val->val.string_val->size();
 		if ( size )
--- a/src/Type.cc
+++ b/src/Type.cc
@ -748,6 +748,8 @@ RecordType::RecordType(TypeList* arg_base, type_decl_list* refinements)

 void RecordType::Init(TypeList* arg_base)
 	{
+	assert(false);  // Is this ever used?
+
 	base = arg_base;

 	if ( ! base )
--- a/testing/btest/Baseline/logging.file/ssh.log
+++ b/testing/btest/Baseline/logging.file/ssh.log
@ -0,0 +1,2 @@
+# t	f
+1303098703.62603	Foo.log
--- a/testing/btest/logging/file.bro
+++ b/testing/btest/logging/file.bro
@ -0,0 +1,23 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		f: file;
+	} &log;
+}
+
+const foo_log = open_log_file("Foo") &redef;
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+	Log::write(SSH, [$t=network_time(), $f=foo_log]);
+}
+