From 823fba1713d9dc95717b3e942953152d8044fbff Mon Sep 17 00:00:00 2001
From: Daniel Thayer <dnthayer@illinois.edu>
Date: Fri, 25 Aug 2017 15:39:12 -0500
Subject: [PATCH] Fix ascii writer to not discard a ".gz" file extension

When Bro writes a compressed log, it uses a file extension of ".gz".
However, upon log rotation the ascii writer script function
"default_rotation_postprocessor_func" was discarding the ".gz"
file extension.  Fixed so that the correct file extension is
preserved after rotation.
---
 scripts/base/frameworks/logging/writers/ascii.bro | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.bro
index bbf11c26e7..6f2b03aafd 100644
--- a/scripts/base/frameworks/logging/writers/ascii.bro
+++ b/scripts/base/frameworks/logging/writers/ascii.bro
@@ -79,9 +79,12 @@ export {
 # runs the writer's default postprocessor command on it.
 function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool
 	{
+	# If the filename has a ".gz" extension, then keep it.
+	local gz = info$fname[-3:] == ".gz" ? ".gz" : "";
+
 	# Move file to name including both opening and closing time.
-	local dst = fmt("%s.%s.log", info$path,
-			strftime(Log::default_rotation_date_format, info$open));
+	local dst = fmt("%s.%s.log%s", info$path,
+			strftime(Log::default_rotation_date_format, info$open), gz);
 
 	system(fmt("/bin/mv %s %s", info$fname, dst));