Add Log::rotation_format_func and Log::default_rotation_dir options

These may be redefined to customize log rotation path prefixes, including use of a directory. File extensions are still up to individual log writers to add themselves during the actual rotation. These new also allow for some simplication to the default ASCII postprocessor function: it eliminates the need for it doing an extra/awkward rename() operation that only changes the timestamp format. This also teaches the supervisor framework to use these new options to rotate ascii logs into a log-queue/ directory with a specific file name format (intended for an external archiver process to monitor separately).
2025-10-07 00:58:19 +00:00 · 2020-06-27 22:43:37 -07:00 · 2020-06-27 22:43:37 -07:00 · a06ef66edc
commit a06ef66edc
parent 6e67a40d24
21 changed files with 510 additions and 118 deletions
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -282,7 +282,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -463,7 +463,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -499,6 +499,7 @@
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
@ -1204,7 +1205,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1385,7 +1386,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@ -1421,6 +1422,7 @@
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
@ -2125,7 +2127,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2306,7 +2308,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@ -2342,6 +2344,7 @@
 0.000000 | HookCallFunction Option::set_change_handler(Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
@ -2759,7 +2762,7 @@
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLoadFile  base<...>/zeek.bif.zeek
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1593810429.768109, node=zeek, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent filter_change_tracking()
 0.000000 | HookQueueEvent zeek_init()
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/.stderr
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/.stderr
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom-fmt-func/out
@ -0,0 +1,90 @@
+1st test__2011-03-07-03-00-05__2011-03-07-03-00-05__.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 ascii
+1st test__2011-03-07-04-00-05__2011-03-07-04-00-05__.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 ascii
+1st test__2011-03-07-05-00-05__2011-03-07-05-00-05__.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 ascii
+1st test__2011-03-07-06-00-05__2011-03-07-06-00-05__.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 ascii
+1st test__2011-03-07-07-00-05__2011-03-07-07-00-05__.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 ascii
+1st test__2011-03-07-08-00-05__2011-03-07-08-00-05__.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 ascii
+1st test__2011-03-07-09-00-05__2011-03-07-09-00-05__.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 ascii
+1st test__2011-03-07-10-00-05__2011-03-07-10-00-05__.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 ascii
+1st test__2011-03-07-11-00-05__2011-03-07-11-00-05__.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 ascii
+1st test__2011-03-07-12-00-05__2011-03-07-12-00-05__.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-03-00-05__2011-03-07-03-00-05__.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-03-59-55__2011-03-07-03-59-55__.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-04-00-05__2011-03-07-04-00-05__.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-04-59-55__2011-03-07-04-59-55__.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-05-00-05__2011-03-07-05-00-05__.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-05-59-55__2011-03-07-05-59-55__.log, path=test2, open=1299477595.0, close=1299477605.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-06-00-05__2011-03-07-06-00-05__.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-06-59-55__2011-03-07-06-59-55__.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-07-00-05__2011-03-07-07-00-05__.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-07-59-55__2011-03-07-07-59-55__.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-08-00-05__2011-03-07-08-00-05__.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-08-59-55__2011-03-07-08-59-55__.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-09-00-05__2011-03-07-09-00-05__.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-09-59-55__2011-03-07-09-59-55__.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-10-00-05__2011-03-07-10-00-05__.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-10-59-55__2011-03-07-10-59-55__.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-11-00-05__2011-03-07-11-00-05__.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-11-59-55__2011-03-07-11-59-55__.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-12-00-05__2011-03-07-12-00-05__.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
+custom rotate, [writer=Log::WRITER_ASCII, fname=test2__2011-03-07-12-59-55__2011-03-07-12-59-55__.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
+#close XXXX-XX-XX-XX-XX-XX
+#empty_field	(empty)
+#fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
+#open XXXX-XX-XX-XX-XX-XX
+#path	test
+#path	test2
+#separator \x09
+#set_separator	,
+#types	time	addr	port	addr	port
+#unset_field	-
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1024
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	0
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1025
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	1
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1026
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	2
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1027
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	3
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1028
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	4
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1029
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	5
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1030
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	6
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1031
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	7
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1032
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	8
+XXXXXXXXXX.XXXXXX	10.0.0.1	20	10.0.0.2	1033
+XXXXXXXXXX.XXXXXX	10.0.0.2	20	10.0.0.3	9
+> test2__2011-03-07-03-00-05__2011-03-07-03-00-05__.log
+> test2__2011-03-07-03-59-55__2011-03-07-03-59-55__.log
+> test2__2011-03-07-04-00-05__2011-03-07-04-00-05__.log
+> test2__2011-03-07-04-59-55__2011-03-07-04-59-55__.log
+> test2__2011-03-07-05-00-05__2011-03-07-05-00-05__.log
+> test2__2011-03-07-05-59-55__2011-03-07-05-59-55__.log
+> test2__2011-03-07-06-00-05__2011-03-07-06-00-05__.log
+> test2__2011-03-07-06-59-55__2011-03-07-06-59-55__.log
+> test2__2011-03-07-07-00-05__2011-03-07-07-00-05__.log
+> test2__2011-03-07-07-59-55__2011-03-07-07-59-55__.log
+> test2__2011-03-07-08-00-05__2011-03-07-08-00-05__.log
+> test2__2011-03-07-08-59-55__2011-03-07-08-59-55__.log
+> test2__2011-03-07-09-00-05__2011-03-07-09-00-05__.log
+> test2__2011-03-07-09-59-55__2011-03-07-09-59-55__.log
+> test2__2011-03-07-10-00-05__2011-03-07-10-00-05__.log
+> test2__2011-03-07-10-59-55__2011-03-07-10-59-55__.log
+> test2__2011-03-07-11-00-05__2011-03-07-11-00-05__.log
+> test2__2011-03-07-11-59-55__2011-03-07-11-59-55__.log
+> test2__2011-03-07-12-00-05__2011-03-07-12-00-05__.log
+> test2__2011-03-07-12-59-55__2011-03-07-12-59-55__.log
+> test__2011-03-07-03-00-05__2011-03-07-03-00-05__.log
+> test__2011-03-07-04-00-05__2011-03-07-04-00-05__.log
+> test__2011-03-07-05-00-05__2011-03-07-05-00-05__.log
+> test__2011-03-07-06-00-05__2011-03-07-06-00-05__.log
+> test__2011-03-07-07-00-05__2011-03-07-07-00-05__.log
+> test__2011-03-07-08-00-05__2011-03-07-08-00-05__.log
+> test__2011-03-07-09-00-05__2011-03-07-09-00-05__.log
+> test__2011-03-07-10-00-05__2011-03-07-10-00-05__.log
+> test__2011-03-07-11-00-05__2011-03-07-11-00-05__.log
+> test__2011-03-07-12-00-05__2011-03-07-12-00-05__.log
--- a/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.custom-dir.log
+++ b/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.custom-dir.log
@ -0,0 +1 @@
+{"s":"test"}
--- a/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.default.log
+++ b/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.default.log
@ -0,0 +1 @@
+{"s":"test"}
--- a/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.zip-in-flight-custom-ext.log
+++ b/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.zip-in-flight-custom-ext.log
@ -0,0 +1 @@
+{"s":"test"}
--- a/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.zip-in-flight.log
+++ b/testing/btest/Baseline/supervisor.config-cluster-log-archival/test.zip-in-flight.log
@ -0,0 +1 @@
+{"s":"test"}
--- a/testing/btest/scripts/base/frameworks/logging/rotate-custom-fmt-func.zeek
+++ b/testing/btest/scripts/base/frameworks/logging/rotate-custom-fmt-func.zeek
@ -0,0 +1,49 @@
+# @TEST-EXEC: zeek -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out.tmp
+# @TEST-EXEC: cat out.tmp pp.log | sort >out
+# @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | $SCRIPTS/diff-remove-timestamps | uniq >>out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr
+
+module Test;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { LOG };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+	} &log;
+}
+
+function my_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationPath
+	{
+	local open_str = strftime(Log::default_rotation_date_format, ri$open);
+	local close_str = strftime(Log::default_rotation_date_format, ri$open);
+	local prefix =fmt("%s__%s__%s__", ri$path, open_str, close_str);
+	local rval = Log::RotationPath($file_prefix=prefix);
+	return rval;
+	}
+
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor_cmd = "echo 1st >>pp.log";
+redef Log::rotation_format_func = my_rotation_format_func;
+
+function custom_rotate(info: Log::RotationInfo) : bool
+	{
+	print "custom rotate", info;
+	return T;
+	}
+
+event zeek_init()
+	{
+	Log::create_stream(Test::LOG, [$columns=Log]);
+	Log::add_filter(Test::LOG, [$name="2nd", $path="test2", $interv=30mins, $postprocessor=custom_rotate]);
+	}
+
+event new_connection(c: connection)
+	{
+	Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
+	}
--- a/testing/btest/supervisor/config-cluster-leftover-log-archival.zeek
+++ b/testing/btest/supervisor/config-cluster-leftover-log-archival.zeek
@ -4,16 +4,14 @@
 # Test default leftover log rotation/archival behavior
 # @TEST-EXEC: btest-bg-run zeek zeek -j -b %INPUT
 # @TEST-EXEC: btest-bg-wait 45
-
-# @TEST-EXEC: cp zeek/logger-1/test*.log test.default.log
+# @TEST-EXEC: cp zeek/logger-1/log-queue/test*.log test.default.log
 # @TEST-EXEC: btest-diff test.default.log
 # @TEST-EXEC: rm -rf ./zeek

 # Test leftover log rotation/archival behavior with custom postprocessor func
 # @TEST-EXEC: btest-bg-run zeek zeek -j -b %INPUT use_custom_postproc=T
 # @TEST-EXEC: btest-bg-wait 45
-
-# @TEST-EXEC: cp zeek/logger-1/test*.log test.postproc.log
+# @TEST-EXEC: cp zeek/logger-1/log-queue/test*.log test.postproc.log
 # @TEST-EXEC: btest-diff test.postproc.log
 # @TEST-EXEC: btest-diff zeek/logger-1/postproc.out
 # @TEST-EXEC: rm -rf ./zeek
@ -37,17 +35,13 @@ export {
 }
 module GLOBAL;

-module LogAscii;
-export {
 function my_rotation_postprocessor(info: Log::RotationInfo) : bool
 	{
 	local f = open("postproc.out");
 	print f, "running my rotation postprocessor";
 	close(f);
-	return LogAscii::default_rotation_postprocessor_func(info);
+	return T;
 	}
-}
-module GLOBAL;

 event zeek_init()
 	{
@ -56,7 +50,7 @@ event zeek_init()
 	if ( use_custom_postproc )
 		{
 		local df = Log::get_filter(Test::LOG, "default");
-		df$postprocessor = LogAscii::my_rotation_postprocessor;
+		df$postprocessor = my_rotation_postprocessor;
 		Log::add_filter(Test::LOG, df);
 		}

@ -86,7 +80,7 @@ event zeek_init()
 			print sf, ".log";

 			if ( use_custom_postproc )
-				print sf, "LogAscii::my_rotation_postprocessor";
+				print sf, "my_rotation_postprocessor";
 			else
 				print sf, "";

--- a/testing/btest/supervisor/config-cluster-log-archival.zeek
+++ b/testing/btest/supervisor/config-cluster-log-archival.zeek
@ -0,0 +1,102 @@
+
+# @TEST-PORT: SUPERVISOR_PORT
+# @TEST-PORT: LOGGER_PORT
+
+# Test default log rotation/archival behavior (rotate into log-queue dir)
+# @TEST-EXEC: btest-bg-run zeek zeek -j -b %INPUT
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: cp zeek/logger-1/log-queue/test*.log test.default.log
+# @TEST-EXEC: btest-diff test.default.log
+# @TEST-EXEC: rm -rf ./zeek
+
+# Test rotation/archival behavior with in-flight compression
+# @TEST-EXEC: btest-bg-run zeek zeek -j -b LogAscii::gzip_level=1 %INPUT
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: gunzip -c zeek/logger-1/log-queue/test*.log.gz > test.zip-in-flight.log
+# @TEST-EXEC: btest-diff test.zip-in-flight.log
+# @TEST-EXEC: rm -rf ./zeek
+
+# Test rotation/archival behavior with in-flight compression + custom file extension
+# @TEST-EXEC: btest-bg-run zeek zeek -j -b LogAscii::gzip_level=1 LogAscii::gzip_file_extension="mygz" %INPUT
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: cp zeek/logger-1/log-queue/test*.log.mygz test.log.gz
+# @TEST-EXEC: gunzip -c test.log.gz > test.zip-in-flight-custom-ext.log
+# @TEST-EXEC: btest-diff test.zip-in-flight-custom-ext.log
+# @TEST-EXEC: rm -rf ./zeek
+
+# Test rotation/archival behavior with a custom rotation dir
+# @TEST-EXEC: btest-bg-run zeek zeek -j -b %INPUT Log::default_rotation_dir=my-logs
+# @TEST-EXEC: btest-bg-wait 45
+# @TEST-EXEC: cp zeek/logger-1/my-logs/test*.log test.custom-dir.log
+# @TEST-EXEC: btest-diff test.custom-dir.log
+# @TEST-EXEC: rm -rf ./zeek
+
+@load base/frameworks/cluster
+
+# JSON for log file brevity.
+redef LogAscii::use_json=T;
+
+global topic = "test-topic";
+
+module Test;
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		s: string;
+	} &log;
+}
+module GLOBAL;
+
+event pong()
+	{
+	terminate();
+	}
+
+event ping()
+	{
+	Log::write(Test::LOG, [$s="test"]);
+	Broker::publish(topic, pong);
+	}
+
+event zeek_init()
+	{
+	Log::create_stream(Test::LOG, [$columns=Test::Log]);
+
+	if ( Supervisor::is_supervisor() )
+		{
+		Broker::subscribe(topic);
+		Broker::listen("127.0.0.1", to_port(getenv("SUPERVISOR_PORT")));
+		Broker::peer("127.0.0.1", to_port(getenv("LOGGER_PORT")));
+
+		local cluster: table[string] of Supervisor::ClusterEndpoint;
+		cluster["logger-1"] = [$role=Supervisor::LOGGER, $host=127.0.0.1,
+			$p=to_port(getenv("LOGGER_PORT"))];
+
+		for ( n, ep in cluster )
+			{
+			local sn = Supervisor::NodeConfig($name = n);
+			sn$cluster = cluster;
+			sn$directory = n;
+			local res = Supervisor::create(sn);
+
+			if ( res != "" )
+				print fmt("failed to create node %s: %s", n, res);
+			}
+		}
+	else
+		{
+		Broker::subscribe(topic);
+		Broker::peer("127.0.0.1", to_port(getenv("SUPERVISOR_PORT")));
+		}
+	}
+
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	if ( Supervisor::is_supervisor() )
+		Broker::publish(topic, ping);
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	}