Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 18:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

make raw reading work.

Browse source 
apparently there was a crash in the reader plugin, but main bro did not notice but waited for eternity for it do to something.
This commit is contained in:
Bernhard Amann 2012-03-16 07:53:29 -07:00
parent 57ffe1be77
commit 367c4b4a7e
3 changed files with 17 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/input/Manager.cc
View file

@ -220,11 +220,8 @@ bool Manager::CreateStream(Filter* info, RecordVal* description)
info->name = name; info->name = name;
info->source = source; info->source = source;
DBG_LOG(DBG_INPUT, "Successfully created new input stream %s",
#ifdef DEBUG name.c_str());
DBG_LOG(DBG_INPUT, "Successfully created new input stream %s",
name.c_str());
#endif
return true; return true;
@ -334,6 +331,10 @@ bool Manager::CreateEventStream(RecordVal* fval) {
filter->reader->Init(filter->source, filter->mode, filter->num_fields, logf ); filter->reader->Init(filter->source, filter->mode, filter->num_fields, logf );
readers[filter->reader] = filter; readers[filter->reader] = filter;
DBG_LOG(DBG_INPUT, "Successfully created event stream %s",
filter->name.c_str());
return true; return true;
} }
@ -483,11 +484,8 @@ bool Manager::CreateTableStream(RecordVal* fval) {
readers[filter->reader] = filter; readers[filter->reader] = filter;
DBG_LOG(DBG_INPUT, "Successfully created table stream %s",
#ifdef DEBUG filter->name.c_str());
DBG_LOG(DBG_INPUT, "Successfully created table stream %s",
filter->name.c_str());
#endif
return true; return true;
} }

9
src/input/readers/Raw.cc
View file

@ -64,6 +64,9 @@ bool Raw::DoInit(string path, int arg_mode, int arg_num_fields, const Field* con
return false; return false;
} }
num_fields = arg_num_fields;
fields = arg_fields;
if ( arg_num_fields != 1 ) { if ( arg_num_fields != 1 ) {
Error("Filter for raw reader contains more than one field. Filters for the raw reader may only contain exactly one string field. Filter ignored."); Error("Filter for raw reader contains more than one field. Filters for the raw reader may only contain exactly one string field. Filter ignored.");
return false; return false;
@ -74,8 +77,9 @@ bool Raw::DoInit(string path, int arg_mode, int arg_num_fields, const Field* con
return false; return false;
} }
num_fields = arg_num_fields; #ifdef DEBUG
fields = arg_fields; Debug(DBG_INPUT, "Raw reader created, will perform first update");
#endif
switch ( mode ) { switch ( mode ) {
case MANUAL: case MANUAL:
@ -87,6 +91,7 @@ bool Raw::DoInit(string path, int arg_mode, int arg_num_fields, const Field* con
assert(false); assert(false);
} }
return true; return true;
} }

9
testing/btest/scripts/base/frameworks/input/raw.bro
View file

@ -1,5 +1,5 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -16,10 +16,6 @@ sdf
module A; module A;
export {
redef enum Input::ID += { INPUT };
}
type Val: record { type Val: record {
s: string; s: string;
}; };
@ -30,6 +26,5 @@ event line(tpe: Input::Event, s: string) {
event bro_init() event bro_init()
{ {
Input::create_stream(A::INPUT, [$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM]); Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
Input::add_eventfilter(A::INPUT, [$name="input", $fields=Val, $ev=line]);
} }