From 99d9a3a48c9c2469d6bc8f58add43901ab901901 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Tue, 25 Aug 2020 17:04:12 -0700
Subject: [PATCH] Fix closing timestamp of rotated log files in supervised-cluster mode
---
 CHANGES | 4 +
 VERSION | 2 +-
 auxil/zeek-archiver | 2 +-
 .../base/frameworks/cluster/nodes/logger.zeek | 2 +-
 .../out | 116 +++++++++---------
 .../logging/rotate-custom-fmt-func.zeek | 2 +-
 6 files changed, 66 insertions(+), 62 deletions(-)
diff --git a/CHANGES b/CHANGES
index 9c5b21cf4d..a9e1d103a2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+3.3.0-dev.196 | 2020-08-25 17:04:12 -0700
+
+ * Fix closing timestamp of rotated log files in supervised-cluster mode (Jon Siwek, Corelight)
+
 3.3.0-dev.195 | 2020-08-25 14:32:47 -0700
 * Improve an Intel framework btest (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index ef41dcfd59..2a949c2d8b 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.3.0-dev.195
+3.3.0-dev.196
diff --git a/auxil/zeek-archiver b/auxil/zeek-archiver
index 32715bf132..107b7bd51d 160000
--- a/auxil/zeek-archiver
+++ b/auxil/zeek-archiver
@@ -1 +1 @@
-Subproject commit 32715bf13222610960f9f1969d6b661d59874aa7
+Subproject commit 107b7bd51d530df888996553123992d05f1ee27b
diff --git a/scripts/base/frameworks/cluster/nodes/logger.zeek b/scripts/base/frameworks/cluster/nodes/logger.zeek
index bef900a698..e8ccfe97db 100644
--- a/scripts/base/frameworks/cluster/nodes/logger.zeek
+++ b/scripts/base/frameworks/cluster/nodes/logger.zeek
@@ -29,7 +29,7 @@ redef Log::default_rotation_dir = "log-queue";
 function supervisor_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationPath
 {
 local open_str = strftime(Log::default_rotation_date_format, ri$open);
- local close_str = strftime(Log::default_rotation_date_format, ri$open);
+ local close_str = strftime(Log::default_rotation_date_format, ri$close);
 local base = fmt("%s__%s__%s__", ri$path, open_str, close_str);
 local rval = Log::RotationPath($file_basename=base);
 return rval;
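Review bot: `supervisor_rotation_format_func` in logger.zeek carries no comment saying that the basename layout `path__open__close__` is an interface, which is how identical open and close stamps went unnoticed until now. This commit also moves the auxil/zeek-archiver submodule, so the archiver presumably parses these names; a comment above the function such as `# Basename layout: <path>__<open>__<close>__; consumers of rotated-log names rely on the third field being ri$close.` would make the contract explicit. Files rotated before this fix carry the open time in both fields, so anyone scoping an investigation window from archived file names should treat the close stamp on older files as unreliable, and the CHANGES entry could say so. The function's closing brace lies outside the hunk.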
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/out b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/out
index 5df962dda3..b7cfe1ffd4 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/out
@@ -1,32 +1,32 @@ -1st test__2011-03-07-03-00-05__2011-03-07-03-00-05__.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 ascii -1st test__2011-03-07-04-00-05__2011-03-07-04-00-05__.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 ascii -1st test__2011-03-07-05-00-05__2011-03-07-05-00-05__.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 ascii -1st test__2011-03-07-06-00-05__2011-03-07-06-00-05__.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 ascii -1st test__2011-03-07-07-00-05__2011-03-07-07-00-05__.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 ascii -1st test__2011-03-07-08-00-05__2011-03-07-08-00-05__.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 ascii -1st test__2011-03-07-09-00-05__2011-03-07-09-00-05__.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 ascii -1st test__2011-03-07-10-00-05__2011-03-07-10-00-05__.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 ascii -1st test__2011-03-07-11-00-05__2011-03-07-11-00-05__.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 ascii -1st test__2011-03-07-12-00-05__2011-03-07-12-00-05__.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-03-00-05__2011-03-07-03-00-05__.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-03-59-55__2011-03-07-03-59-55__.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-04-00-05__2011-03-07-04-00-05__.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-04-59-55__2011-03-07-04-59-55__.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-05-00-05__2011-03-07-05-00-05__.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, 
fname=test2__2011-03-07-05-59-55__2011-03-07-05-59-55__.log, path=test2, open=1299477595.0, close=1299477605.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-06-00-05__2011-03-07-06-00-05__.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-06-59-55__2011-03-07-06-59-55__.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-07-00-05__2011-03-07-07-00-05__.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-07-59-55__2011-03-07-07-59-55__.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-08-00-05__2011-03-07-08-00-05__.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-08-59-55__2011-03-07-08-59-55__.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-09-00-05__2011-03-07-09-00-05__.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-09-59-55__2011-03-07-09-59-55__.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-10-00-05__2011-03-07-10-00-05__.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-10-59-55__2011-03-07-10-59-55__.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-11-00-05__2011-03-07-11-00-05__.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F] 
-custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-11-59-55__2011-03-07-11-59-55__.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F] -custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-12-00-05__2011-03-07-12-00-05__.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] +1st test__2011-03-07-03-00-05__2011-03-07-04-00-05__.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 ascii +1st test__2011-03-07-04-00-05__2011-03-07-05-00-05__.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 ascii +1st test__2011-03-07-05-00-05__2011-03-07-06-00-05__.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 ascii +1st test__2011-03-07-06-00-05__2011-03-07-07-00-05__.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 ascii +1st test__2011-03-07-07-00-05__2011-03-07-08-00-05__.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 ascii +1st test__2011-03-07-08-00-05__2011-03-07-09-00-05__.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 ascii +1st test__2011-03-07-09-00-05__2011-03-07-10-00-05__.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 ascii +1st test__2011-03-07-10-00-05__2011-03-07-11-00-05__.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 ascii +1st test__2011-03-07-11-00-05__2011-03-07-12-00-05__.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 ascii +1st test__2011-03-07-12-00-05__2011-03-07-12-59-55__.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-03-00-05__2011-03-07-03-59-55__.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-03-59-55__2011-03-07-04-00-05__.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-04-00-05__2011-03-07-04-59-55__.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, 
fname=test2__2011-03-07-04-59-55__2011-03-07-05-00-05__.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-05-00-05__2011-03-07-05-59-55__.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-05-59-55__2011-03-07-06-00-05__.log, path=test2, open=1299477595.0, close=1299477605.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-06-00-05__2011-03-07-06-59-55__.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-06-59-55__2011-03-07-07-00-05__.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-07-00-05__2011-03-07-07-59-55__.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-07-59-55__2011-03-07-08-00-05__.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-08-00-05__2011-03-07-08-59-55__.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-08-59-55__2011-03-07-09-00-05__.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-09-00-05__2011-03-07-09-59-55__.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-09-59-55__2011-03-07-10-00-05__.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-10-00-05__2011-03-07-10-59-55__.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F] 
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-10-59-55__2011-03-07-11-00-05__.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-11-00-05__2011-03-07-11-59-55__.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-11-59-55__2011-03-07-12-00-05__.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F] +custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-12-00-05__2011-03-07-12-59-55__.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-12-59-55__2011-03-07-12-59-55__.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T] #close XXXX-XX-XX-XX-XX-XX #empty_field (empty) 
@@ -58,33 +58,33 @@ XXXXXXXXXX.XXXXXX 10.0.0.1 20 10.0.0.2 1032 XXXXXXXXXX.XXXXXX 10.0.0.2 20 10.0.0.3 8 XXXXXXXXXX.XXXXXX 10.0.0.1 20 10.0.0.2 1033 XXXXXXXXXX.XXXXXX 10.0.0.2 20 10.0.0.3 9 -> test2__2011-03-07-03-00-05__2011-03-07-03-00-05__.log -> test2__2011-03-07-03-59-55__2011-03-07-03-59-55__.log -> test2__2011-03-07-04-00-05__2011-03-07-04-00-05__.log -> test2__2011-03-07-04-59-55__2011-03-07-04-59-55__.log -> test2__2011-03-07-05-00-05__2011-03-07-05-00-05__.log -> test2__2011-03-07-05-59-55__2011-03-07-05-59-55__.log -> test2__2011-03-07-06-00-05__2011-03-07-06-00-05__.log -> test2__2011-03-07-06-59-55__2011-03-07-06-59-55__.log -> test2__2011-03-07-07-00-05__2011-03-07-07-00-05__.log -> test2__2011-03-07-07-59-55__2011-03-07-07-59-55__.log -> test2__2011-03-07-08-00-05__2011-03-07-08-00-05__.log -> test2__2011-03-07-08-59-55__2011-03-07-08-59-55__.log -> test2__2011-03-07-09-00-05__2011-03-07-09-00-05__.log -> test2__2011-03-07-09-59-55__2011-03-07-09-59-55__.log -> test2__2011-03-07-10-00-05__2011-03-07-10-00-05__.log -> test2__2011-03-07-10-59-55__2011-03-07-10-59-55__.log -> test2__2011-03-07-11-00-05__2011-03-07-11-00-05__.log -> test2__2011-03-07-11-59-55__2011-03-07-11-59-55__.log -> test2__2011-03-07-12-00-05__2011-03-07-12-00-05__.log +> test2__2011-03-07-03-00-05__2011-03-07-03-59-55__.log +> test2__2011-03-07-03-59-55__2011-03-07-04-00-05__.log +> test2__2011-03-07-04-00-05__2011-03-07-04-59-55__.log +> test2__2011-03-07-04-59-55__2011-03-07-05-00-05__.log +> test2__2011-03-07-05-00-05__2011-03-07-05-59-55__.log +> test2__2011-03-07-05-59-55__2011-03-07-06-00-05__.log +> test2__2011-03-07-06-00-05__2011-03-07-06-59-55__.log +> test2__2011-03-07-06-59-55__2011-03-07-07-00-05__.log +> test2__2011-03-07-07-00-05__2011-03-07-07-59-55__.log +> test2__2011-03-07-07-59-55__2011-03-07-08-00-05__.log +> test2__2011-03-07-08-00-05__2011-03-07-08-59-55__.log +> test2__2011-03-07-08-59-55__2011-03-07-09-00-05__.log +> 
test2__2011-03-07-09-00-05__2011-03-07-09-59-55__.log +> test2__2011-03-07-09-59-55__2011-03-07-10-00-05__.log +> test2__2011-03-07-10-00-05__2011-03-07-10-59-55__.log +> test2__2011-03-07-10-59-55__2011-03-07-11-00-05__.log +> test2__2011-03-07-11-00-05__2011-03-07-11-59-55__.log +> test2__2011-03-07-11-59-55__2011-03-07-12-00-05__.log +> test2__2011-03-07-12-00-05__2011-03-07-12-59-55__.log > test2__2011-03-07-12-59-55__2011-03-07-12-59-55__.log -> test__2011-03-07-03-00-05__2011-03-07-03-00-05__.log -> test__2011-03-07-04-00-05__2011-03-07-04-00-05__.log -> test__2011-03-07-05-00-05__2011-03-07-05-00-05__.log -> test__2011-03-07-06-00-05__2011-03-07-06-00-05__.log -> test__2011-03-07-07-00-05__2011-03-07-07-00-05__.log -> test__2011-03-07-08-00-05__2011-03-07-08-00-05__.log -> test__2011-03-07-09-00-05__2011-03-07-09-00-05__.log -> test__2011-03-07-10-00-05__2011-03-07-10-00-05__.log -> test__2011-03-07-11-00-05__2011-03-07-11-00-05__.log -> test__2011-03-07-12-00-05__2011-03-07-12-00-05__.log +> test__2011-03-07-03-00-05__2011-03-07-04-00-05__.log +> test__2011-03-07-04-00-05__2011-03-07-05-00-05__.log +> test__2011-03-07-05-00-05__2011-03-07-06-00-05__.log +> test__2011-03-07-06-00-05__2011-03-07-07-00-05__.log +> test__2011-03-07-07-00-05__2011-03-07-08-00-05__.log +> test__2011-03-07-08-00-05__2011-03-07-09-00-05__.log +> test__2011-03-07-09-00-05__2011-03-07-10-00-05__.log +> test__2011-03-07-10-00-05__2011-03-07-11-00-05__.log +> test__2011-03-07-11-00-05__2011-03-07-12-00-05__.log +> test__2011-03-07-12-00-05__2011-03-07-12-59-55__.log diff --git a/testing/btest/scripts/base/frameworks/logging/rotate-custom-fmt-func.zeek b/testing/btest/scripts/base/frameworks/logging/rotate-custom-fmt-func.zeek index 8cfe45a45e..0944d5d10d 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate-custom-fmt-func.zeek +++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom-fmt-func.zeek 
@@ -21,7 +21,7 @@ export {
 function my_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationPath
 {
 local open_str = strftime(Log::default_rotation_date_format, ri$open);
- local close_str = strftime(Log::default_rotation_date_format, ri$open);
+ local close_str = strftime(Log::default_rotation_date_format, ri$close);
 local base = fmt("%s__%s__%s__", ri$path, open_str, close_str);
 local rval = Log::RotationPath($file_basename=base);
 return rval;
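Review bot: `my_rotation_format_func` is a line-for-line copy of the formatter in scripts/base/frameworks/cluster/nodes/logger.zeek, so this btest checks the copy rather than the shipped function. The old baseline had simply recorded the duplicated open stamp as expected output. As far as the patch shows, nothing here would fail if the logger.zeek version regressed again. Consider a test that loads the cluster logger script and uses its formatter directly, or at minimum add a comment above this function, `# Mirrors supervisor_rotation_format_func in cluster/nodes/logger.zeek; keep the two in sync.` The function body continues past the end of the hunk.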