diff --git a/CHANGES b/CHANGES index cb0e281037..cb508d7b27 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,12 @@ +3.3.0-dev.361 | 2020-10-06 10:13:37 -0700 + + * logging/ascii: Support leftover log rotation in non-supervisor setups (Arne Welzel, Corelight) + + Allow enabling leftover log rotation through + LogAscii::enable_leftover_log_rotation and redef this for the + logger node in a supervisor setup individually. + 3.3.0-dev.359 | 2020-10-02 10:49:35 -0700 * GH-1180: Add external dependency include paths to `zeek-config --include_dir` (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 31cc344cb1..9a01aa83e7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.3.0-dev.359 +3.3.0-dev.361 diff --git a/scripts/base/frameworks/cluster/nodes/logger.zeek b/scripts/base/frameworks/cluster/nodes/logger.zeek index e8ccfe97db..772d512658 100644 --- a/scripts/base/frameworks/cluster/nodes/logger.zeek +++ b/scripts/base/frameworks/cluster/nodes/logger.zeek @@ -37,6 +37,8 @@ function supervisor_rotation_format_func(ri: Log::RotationFmtInfo): Log::Rotatio redef Log::rotation_format_func = supervisor_rotation_format_func; +redef LogAscii::enable_leftover_log_rotation = T; + @else ## Use the cluster's archive logging script. diff --git a/scripts/base/frameworks/logging/writers/ascii.zeek b/scripts/base/frameworks/logging/writers/ascii.zeek index 789d6d59af..0ebdde22e0 100644 --- a/scripts/base/frameworks/logging/writers/ascii.zeek +++ b/scripts/base/frameworks/logging/writers/ascii.zeek @@ -26,6 +26,14 @@ export { ## This option is also available as a per-filter ``$config`` option. const use_json = F &redef; + ## If true, detect log files that did not get properly rotated + ## by a previous Zeek process (e.g. due to crash) and rotate them. + ## + ## This requires a positive rotation interval to be configured + ## to have an effect. E.g. via :zeek:see:`Log::default_rotation_interval` + ## or the *interv* field of a :zeek:see:`Log::Filter`. + const enable_leftover_log_rotation = F &redef; + ## If true, valid UTF-8 sequences will pass through unescaped and be ## written into logs. ## diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc index 6920ff3d8f..e417998596 100644 --- a/src/logging/writers/ascii/Ascii.cc +++ b/src/logging/writers/ascii/Ascii.cc @@ -16,7 +16,6 @@ #include "Func.h" #include "RunState.h" -#include "supervisor/Supervisor.h" #include "logging/Manager.h" #include "threading/SerialTypes.h" @@ -450,7 +449,7 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const threading::Fiel fname += ext; - bool use_shadow = Supervisor::ThisNode() && info.rotation_interval > 0; + bool use_shadow = BifConst::LogAscii::enable_leftover_log_rotation && Info().rotation_interval > 0; if ( use_shadow ) { @@ -667,7 +666,7 @@ bool Ascii::DoRotate(const char* rotated_path, double open, double close, bool t return false; } - bool use_shadow = Supervisor::ThisNode() && Info().rotation_interval > 0; + bool use_shadow = BifConst::LogAscii::enable_leftover_log_rotation && Info().rotation_interval > 0; if ( use_shadow ) { @@ -744,7 +743,7 @@ static std::vector find_leftover_logs() void Ascii::RotateLeftoverLogs() { - if ( ! Supervisor::ThisNode() ) + if ( ! BifConst::LogAscii::enable_leftover_log_rotation ) return; // Log file crash recovery: if there's still leftover shadow files from the diff --git a/src/logging/writers/ascii/ascii.bif b/src/logging/writers/ascii/ascii.bif index b18b22a624..0b3323a76c 100644 --- a/src/logging/writers/ascii/ascii.bif +++ b/src/logging/writers/ascii/ascii.bif @@ -11,6 +11,7 @@ const set_separator: string; const empty_field: string; const unset_field: string; const use_json: bool; +const enable_leftover_log_rotation: bool; const enable_utf_8: bool; const json_timestamps: JSON::TimestampFormat; const gzip_level: count;