From 93584c7c7f4981881349bb5b33de1a7d66ded9a9 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 6 Jul 2022 12:13:32 +0200 Subject: [PATCH] logging/sqlite: Recognize Log::default_logdir and place files there if set --- src/logging/writers/sqlite/SQLite.cc | 8 +++- .../ls.logs | 3 ++ .../test.select | 21 +++++++++ .../zeek.out | 2 + .../logging/sqlite/default-logdir.zeek | 46 +++++++++++++++++++ 5 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/ls.logs create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/test.select create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/zeek.out create mode 100644 testing/btest/scripts/base/frameworks/logging/sqlite/default-logdir.zeek diff --git a/src/logging/writers/sqlite/SQLite.cc b/src/logging/writers/sqlite/SQLite.cc index 4fd2e54e90..95bf5d4a6a 100644 --- a/src/logging/writers/sqlite/SQLite.cc +++ b/src/logging/writers/sqlite/SQLite.cc @@ -10,6 +10,7 @@ #include "zeek/logging/writers/sqlite/sqlite.bif.h" #include "zeek/threading/SerialTypes.h" +#include "zeek/util.h" using namespace std; using zeek::threading::Field; @@ -128,8 +129,11 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con num_fields = arg_num_fields; fields = arg_fields; - string fullpath(info.path); - fullpath.append(".sqlite"); + auto fullpath = zeek::filesystem::path( + zeek::id::find_const("Log::default_logdir")->ToStdString()); + + fullpath /= info.path; + fullpath += ".sqlite"; string tablename; WriterInfo::config_map::const_iterator it = info.config.find("tablename"); diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/ls.logs b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/ls.logs new file mode 100644 index 0000000000..d31d0d2566 --- /dev/null 
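Review bot: `fullpath /= info.path;` in the second SQLite.cc hunk does not confine the database file to `Log::default_logdir`. Assuming `zeek::filesystem::path` follows `std::filesystem::path` semantics, an absolute `info.path` replaces the left-hand side entirely and a relative one containing `..` resolves outside the directory, so a filter path built from variable data can still place the file anywhere the process may write. If the absolute-path override is intended, document it above the append, e.g. `// An absolute info.path overrides Log::default_logdir (operator/= drops the left side); an empty logdir keeps the old relative path.`; otherwise reject such paths before appending. DoInit starts and ends outside the hunk, so how a missing directory is reported when the database is opened is not visible here.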
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/ls.logs
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+./logs/reporter.sqlite
+./logs/test.sqlite
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/test.select b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/test.select
new file mode 100644
index 0000000000..63564a8c79
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/test.select
@@ -0,0 +1,21 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1024
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|0
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1025
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|1
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1026
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|2
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1027
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|3
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1028
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|4
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1029
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|5
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1030
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|6
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1031
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|7
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1032
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|8
+XXXXXXXXXX.XXXXXX|10.0.0.1|20|10.0.0.2|1033
+XXXXXXXXXX.XXXXXX|10.0.0.2|20|10.0.0.3|9
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/zeek.out b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/zeek.out
new file mode 100644
index 0000000000..1d37b57d25
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.default-logdir/zeek.out
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+XXXXXXXXXX.XXXXXX test/Log::WRITER_SQLITE: tablename configuration option not found. Defaulting to path test
diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/default-logdir.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/default-logdir.zeek
new file mode 100644
index 0000000000..0dd5023ce8
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/logging/sqlite/default-logdir.zeek
@@ -0,0 +1,46 @@
+#
+# @TEST-REQUIRES: which sqlite3
+# @TEST-REQUIRES: has-writer Zeek::SQLiteWriter
+# @TEST-GROUP: sqlite
+#
+# @TEST-EXEC: mkdir logs
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT >zeek.out 2>&1
+# @TEST-EXEC: ls ./logs/* > ls.logs
+# @TEST-EXEC: sqlite3 ./logs/test.sqlite 'select * from test' > test.select
+# @TEST-EXEC: btest-diff test.select
+# @TEST-EXEC: btest-diff ls.logs
+# @TEST-EXEC: btest-diff zeek.out
+#
+# @TEST-DOC: Configure Log::default_writer, Log::default_logdir and ensure the test.sqlite database is in ./logs
+
+redef Log::default_writer = Log::WRITER_SQLITE;
+redef Log::default_logdir = "./logs";
+
+# Also enable log-rotation, but it has no effect on sqlite.
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor_cmd = "echo";
+
+redef LogSQLite::unset_field = "(unset)";
+
+module Test;
+
+export {
+ # Create a new ID for our log stream
+ redef enum Log::ID += { LOG };
+
+ # Define a record with all the columns the log file can have.
+ # (I'm using a subset of fields from ssh-ext for demonstration.)
+ type Log: record {
+ t: time;
+ id: conn_id; # Will be rolled out into individual columns.
+ } &log;
+}
+event zeek_init()
+ {
+ Log::create_stream(Test::LOG, [$columns=Log]);
+ }
+
+event new_connection(c: connection)
+ {
+ Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
+ }
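Review bot: The new default-logdir.zeek test pins only the happy path, because it runs `mkdir logs` before starting Zeek and lets the stream use its default relative path. Two cases that decide where the database file can end up are not exercised: a `Log::default_logdir` that does not exist, and a filter `$path` that is absolute or contains `..`. A further `@TEST-EXEC` run for each, with its output baselined through `btest-diff`, would record the intended behaviour so a later change to the path handling cannot alter it silently.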