Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/timw/360-log-gzip'

Browse source 
* origin/topic/timw/360-log-gzip:
  Add new LogAscii::gzip_file_extension option.

Adjusted documentation during merge.
This commit is contained in:
Jon Siwek 2019-08-13 13:48:47 -07:00
commit 9ccf3549fd
9 changed files with 44 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

7
CHANGES
View file

@ -1,4 +1,11 @@
3.1.0-dev.30 | 2019-08-13 13:48:47 -0700
* Add new LogAscii::gzip_file_extension option. (Tim Wojtulewicz, Corelight)
This can be used with the LogAscii::gzip_level option to set the file
extension of log files when they are compressed at creation time.
3.1.0-dev.28 | 2019-08-13 12:01:44 -0700 3.1.0-dev.28 | 2019-08-13 12:01:44 -0700
* Remove redundant buffering in ContentLine analyzer (Justin Azoff) * Remove redundant buffering in ContentLine analyzer (Justin Azoff)

2
VERSION
View file

@ -1 +1 @@
3.1.0-dev.28 3.1.0-dev.30

2
aux/zeekctl

@ -1 +1 @@
Subproject commit 0c0589c694555342463c879f18a26a810f563f76 Subproject commit bddf60f395051abaedcf4f90f8c78a7371ac6227

2
doc

@ -1 +1 @@
Subproject commit fdffd68e3dd021ce945c337855ef0d4e3a3a2b1d Subproject commit db47d9bfe279b5f55722d89f8c8522ba501dcf1a

9
scripts/base/frameworks/logging/writers/ascii.zeek
View file

@ -34,11 +34,18 @@ export {
## Define the gzip level to compress the logs. If 0, then no gzip ## Define the gzip level to compress the logs. If 0, then no gzip
## compression is performed. Enabling compression also changes ## compression is performed. Enabling compression also changes
## the log file name extension to include ".gz". ## the log file name extension to include the value of
## :zeek:see:`LogAscii::gzip_file_extension`.
## ##
## This option is also available as a per-filter ``$config`` option. ## This option is also available as a per-filter ``$config`` option.
const gzip_level = 0 &redef; const gzip_level = 0 &redef;
## Define the file extension used when compressing log files when
## they are created with the :zeek:see:`LogAscii::gzip_level` option.
##
## This option is also available as a per-filter ``$config`` option.
const gzip_file_extension = "gz" &redef;
## Format of timestamps when writing out JSON. By default, the JSON ## Format of timestamps when writing out JSON. By default, the JSON
## formatter will use double values for timestamps which represent the ## formatter will use double values for timestamps which represent the
## number of seconds from the UNIX epoch. ## number of seconds from the UNIX epoch.

26
src/logging/writers/ascii/Ascii.cc
View file

@ -71,6 +71,11 @@ void Ascii::InitConfigOptions()
(const char*) tsfmt.Bytes(), (const char*) tsfmt.Bytes(),
tsfmt.Len() tsfmt.Len()
); );
gzip_file_extension.assign(
(const char*) BifConst::LogAscii::gzip_file_extension->Bytes(),
BifConst::LogAscii::gzip_file_extension->Len()
);
} }
bool Ascii::InitFilterOptions() bool Ascii::InitFilterOptions()
@ -160,6 +165,9 @@ bool Ascii::InitFilterOptions()
else if ( strcmp(i->first, "json_timestamps") == 0 ) else if ( strcmp(i->first, "json_timestamps") == 0 )
json_timestamps.assign(i->second); json_timestamps.assign(i->second);
else if ( strcmp(i->first, "gzip_file_extension") == 0 )
gzip_file_extension.assign(i->second);
} }
if ( ! InitFormatter() ) if ( ! InitFormatter() )
@ -252,8 +260,13 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const *
if ( output_to_stdout ) if ( output_to_stdout )
path = "/dev/stdout"; path = "/dev/stdout";
fname = IsSpecial(path) ? path : path + "." + LogExt() + fname = IsSpecial(path) ? path : path + "." + LogExt();
(gzip_level > 0 ? ".gz" : "");
if ( gzip_level > 0 )
{
fname += ".";
fname += gzip_file_extension.empty() ? "gz" : gzip_file_extension;
}
fd = open(fname.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666); fd = open(fname.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666);
@ -427,8 +440,13 @@ bool Ascii::DoRotate(const char* rotated_path, double open, double close, bool t
CloseFile(close); CloseFile(close);
string nname = string(rotated_path) + "." + LogExt() + string nname = string(rotated_path) + "." + LogExt();
(gzip_level > 0 ? ".gz" : "");
if ( gzip_level > 0 )
{
nname += ".";
nname += gzip_file_extension.empty() ? "gz" : gzip_file_extension;
}
if ( rename(fname.c_str(), nname.c_str()) != 0 ) if ( rename(fname.c_str(), nname.c_str()) != 0 )
{ {

1
src/logging/writers/ascii/Ascii.h
View file

@ -64,6 +64,7 @@ private:
string meta_prefix; string meta_prefix;
int gzip_level; // level > 0 enables gzip compression int gzip_level; // level > 0 enables gzip compression
string gzip_file_extension;
bool use_json; bool use_json;
bool enable_utf_8; bool enable_utf_8;
string json_timestamps; string json_timestamps;

1
src/logging/writers/ascii/ascii.bif
View file

@ -14,3 +14,4 @@ const use_json: bool;
const enable_utf_8: bool; const enable_utf_8: bool;
const json_timestamps: JSON::TimestampFormat; const json_timestamps: JSON::TimestampFormat;
const gzip_level: count; const gzip_level: count;
const gzip_file_extension: string;

3
testing/btest/scripts/base/frameworks/logging/ascii-gz.zeek
View file

@ -1,12 +1,13 @@
# #
# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: zeek -b %INPUT
# @TEST-EXEC: gunzip ssh.log.gz # @TEST-EXEC: gunzip -S .gzip ssh.log.gzip
# @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh.log
# @TEST-EXEC: btest-diff ssh-uncompressed.log # @TEST-EXEC: btest-diff ssh-uncompressed.log
# #
# Testing all possible types. # Testing all possible types.
redef LogAscii::gzip_level = 9; redef LogAscii::gzip_level = 9;
redef LogAscii::gzip_file_extension = "gzip";
module SSH; module SSH;