mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
Fixing tests.
This commit is contained in:
Robin Sommer
parent
f884fc6c11
commit
996d118d68
5 changed files with 4 additions and 81 deletions
|
|
@ -1,60 +0,0 @@
|
||||||
##! Interface for the DataSeries log writer.
|
|
||||||
|
|
||||||
module LogDataSeries;
|
|
||||||
|
|
||||||
export {
|
|
||||||
## Compression to use with the DS output file. Options are:
|
|
||||||
##
|
|
||||||
## 'none' -- No compression.
|
|
||||||
## 'lzf' -- LZF compression (very quick, but leads to larger output files).
|
|
||||||
## 'lzo' -- LZO compression (very fast decompression times).
|
|
||||||
## 'zlib' -- GZIP compression (slower than LZF, but also produces smaller output).
|
|
||||||
## 'bz2' -- BZIP2 compression (slower than GZIP, but also produces smaller output).
|
|
||||||
const compression = "zlib" &redef;
|
|
||||||
|
|
||||||
## The extent buffer size.
|
|
||||||
## Larger values here lead to better compression and more efficient writes,
|
|
||||||
## but also increase the lag between the time events are received and
|
|
||||||
## the time they are actually written to disk.
|
|
||||||
const extent_size = 65536 &redef;
|
|
||||||
|
|
||||||
## Should we dump the XML schema we use for this DS file to disk?
|
|
||||||
## If yes, the XML schema shares the name of the logfile, but has
|
|
||||||
## an XML ending.
|
|
||||||
const dump_schema = F &redef;
|
|
||||||
|
|
||||||
## How many threads should DataSeries spawn to perform compression?
|
|
||||||
## Note that this dictates the number of threads per log stream. If
|
|
||||||
## you're using a lot of streams, you may want to keep this number
|
|
||||||
## relatively small.
|
|
||||||
##
|
|
||||||
## Default value is 1, which will spawn one thread / stream.
|
|
||||||
##
|
|
||||||
## Maximum is 128, minimum is 1.
|
|
||||||
const num_threads = 1 &redef;
|
|
||||||
|
|
||||||
## Should time be stored as an integer or a double?
|
|
||||||
## Storing time as a double leads to possible precision issues and
|
|
||||||
## can (significantly) increase the size of the resulting DS log.
|
|
||||||
## That said, timestamps stored in double form are consistent
|
|
||||||
## with the rest of Bro, including the standard ASCII log. Hence, we
|
|
||||||
## use them by default.
|
|
||||||
const use_integer_for_time = F &redef;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Default function to postprocess a rotated DataSeries log file. It moves the
|
|
||||||
# rotated file to a new name that includes a timestamp with the opening time,
|
|
||||||
# and then runs the writer's default postprocessor command on it.
|
|
||||||
function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool
|
|
||||||
{
|
|
||||||
# Move file to name including both opening and closing time.
|
|
||||||
local dst = fmt("%s.%s.ds", info$path,
|
|
||||||
strftime(Log::default_rotation_date_format, info$open));
|
|
||||||
|
|
||||||
system(fmt("/bin/mv %s %s", info$fname, dst));
|
|
||||||
|
|
||||||
# Run default postprocessor.
|
|
||||||
return Log::run_rotation_postprocessor_cmd(info, dst);
|
|
||||||
}
|
|
||||||
|
|
||||||
redef Log::default_rotation_postprocessors += { [Log::WRITER_DATASERIES] = default_rotation_postprocessor_func };
|
|
||||||
|
|
@ -98,7 +98,4 @@
|
||||||
@load tuning/defaults/packet-fragments.bro
|
@load tuning/defaults/packet-fragments.bro
|
||||||
@load tuning/defaults/warnings.bro
|
@load tuning/defaults/warnings.bro
|
||||||
@load tuning/json-logs.bro
|
@load tuning/json-logs.bro
|
||||||
@load tuning/logs-to-elasticsearch.bro
|
|
||||||
@load tuning/track-all-assets.bro
|
@load tuning/track-all-assets.bro
|
||||||
|
|
||||||
redef LogElasticSearch::server_host = "";
|
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path loaded_scripts
|
#path loaded_scripts
|
||||||
#open 2014-07-31-19-06-48
|
#open 2014-08-14-04-31-10
|
||||||
#fields name
|
#fields name
|
||||||
#types string
|
#types string
|
||||||
scripts/base/init-bare.bro
|
scripts/base/init-bare.bro
|
||||||
|
|
@ -21,9 +21,7 @@ scripts/base/init-bare.bro
|
||||||
scripts/base/frameworks/logging/postprocessors/scp.bro
|
scripts/base/frameworks/logging/postprocessors/scp.bro
|
||||||
scripts/base/frameworks/logging/postprocessors/sftp.bro
|
scripts/base/frameworks/logging/postprocessors/sftp.bro
|
||||||
scripts/base/frameworks/logging/writers/ascii.bro
|
scripts/base/frameworks/logging/writers/ascii.bro
|
||||||
scripts/base/frameworks/logging/writers/dataseries.bro
|
|
||||||
scripts/base/frameworks/logging/writers/sqlite.bro
|
scripts/base/frameworks/logging/writers/sqlite.bro
|
||||||
scripts/base/frameworks/logging/writers/elasticsearch.bro
|
|
||||||
scripts/base/frameworks/logging/writers/none.bro
|
scripts/base/frameworks/logging/writers/none.bro
|
||||||
scripts/base/frameworks/input/__load__.bro
|
scripts/base/frameworks/input/__load__.bro
|
||||||
scripts/base/frameworks/input/main.bro
|
scripts/base/frameworks/input/main.bro
|
||||||
|
|
@ -111,10 +109,8 @@ scripts/base/init-bare.bro
|
||||||
build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro
|
build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
|
build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro
|
build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_DataSeriesWriter.dataseries.bif.bro
|
|
||||||
build/scripts/base/bif/plugins/Bro_ElasticSearchWriter.elasticsearch.bif.bro
|
|
||||||
build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro
|
build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
|
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
|
||||||
scripts/policy/misc/loaded-scripts.bro
|
scripts/policy/misc/loaded-scripts.bro
|
||||||
scripts/base/utils/paths.bro
|
scripts/base/utils/paths.bro
|
||||||
#close 2014-07-31-19-06-48
|
#close 2014-08-14-04-31-10
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
#empty_field (empty)
|
#empty_field (empty)
|
||||||
#unset_field -
|
#unset_field -
|
||||||
#path loaded_scripts
|
#path loaded_scripts
|
||||||
#open 2014-07-31-19-07-23
|
#open 2014-08-14-04-31-11
|
||||||
#fields name
|
#fields name
|
||||||
#types string
|
#types string
|
||||||
scripts/base/init-bare.bro
|
scripts/base/init-bare.bro
|
||||||
|
|
@ -21,9 +21,7 @@ scripts/base/init-bare.bro
|
||||||
scripts/base/frameworks/logging/postprocessors/scp.bro
|
scripts/base/frameworks/logging/postprocessors/scp.bro
|
||||||
scripts/base/frameworks/logging/postprocessors/sftp.bro
|
scripts/base/frameworks/logging/postprocessors/sftp.bro
|
||||||
scripts/base/frameworks/logging/writers/ascii.bro
|
scripts/base/frameworks/logging/writers/ascii.bro
|
||||||
scripts/base/frameworks/logging/writers/dataseries.bro
|
|
||||||
scripts/base/frameworks/logging/writers/sqlite.bro
|
scripts/base/frameworks/logging/writers/sqlite.bro
|
||||||
scripts/base/frameworks/logging/writers/elasticsearch.bro
|
|
||||||
scripts/base/frameworks/logging/writers/none.bro
|
scripts/base/frameworks/logging/writers/none.bro
|
||||||
scripts/base/frameworks/input/__load__.bro
|
scripts/base/frameworks/input/__load__.bro
|
||||||
scripts/base/frameworks/input/main.bro
|
scripts/base/frameworks/input/main.bro
|
||||||
|
|
@ -111,8 +109,6 @@ scripts/base/init-bare.bro
|
||||||
build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro
|
build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
|
build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro
|
build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_DataSeriesWriter.dataseries.bif.bro
|
|
||||||
build/scripts/base/bif/plugins/Bro_ElasticSearchWriter.elasticsearch.bif.bro
|
|
||||||
build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro
|
build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro
|
||||||
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
|
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
|
||||||
scripts/base/init-default.bro
|
scripts/base/init-default.bro
|
||||||
|
|
@ -246,4 +242,4 @@ scripts/base/init-default.bro
|
||||||
scripts/base/misc/find-checksum-offloading.bro
|
scripts/base/misc/find-checksum-offloading.bro
|
||||||
scripts/base/misc/find-filtered-trace.bro
|
scripts/base/misc/find-filtered-trace.bro
|
||||||
scripts/policy/misc/loaded-scripts.bro
|
scripts/policy/misc/loaded-scripts.bro
|
||||||
#close 2014-07-31-19-07-23
|
#close 2014-08-14-04-31-11
|
||||||
|
|
|
||||||
6
testing/external/scripts/testing-setup.bro
vendored
6
testing/external/scripts/testing-setup.bro
vendored
|
|
@ -5,12 +5,6 @@
|
||||||
redef SMTP::never_calc_md5 = T;
|
redef SMTP::never_calc_md5 = T;
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
@ifdef ( LogElasticSearch::server_host )
|
|
||||||
# Set to empty so that logs-to-elasticsearch.bro doesn't try to setup
|
|
||||||
#log forwarding to ES.
|
|
||||||
redef LogElasticSearch::server_host = "";
|
|
||||||
@endif
|
|
||||||
|
|
||||||
@ifdef ( LogAscii::use_json )
|
@ifdef ( LogAscii::use_json )
|
||||||
# Don't start logging everything as JSON.
|
# Don't start logging everything as JSON.
|
||||||
# (json-logs.bro activates this).
|
# (json-logs.bro activates this).
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue