Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'pbcullen/topic/pbcullen/shadow-file-handling'

Browse source 
* pbcullen/topic/pbcullen/shadow-file-handling:
  reformat changes
  Gracefully handle empty/missing shadow file
This commit is contained in:
Tim Wojtulewicz 2024-04-26 12:29:18 -07:00
commit ad6d70d4e6
3 changed files with 24 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

10
CHANGES
View file

@ -1,3 +1,13 @@
7.0.0-dev.187 | 2024-04-26 12:29:18 -0700
* Gracefully handle empty/missing shadow file (Peter Cullen, Corelight)
When a shadow file is empty/missing during rotation, Zeek aborts
with an error message, but if the shadow file was empty, it'll still
be there after the restart, causing an endless restart loop. This
solution gracefully handles the rotation in such cases using the
default file extension and post processing function.
7.0.0-dev.184 | 2024-04-26 11:17:52 -0700 7.0.0-dev.184 | 2024-04-26 11:17:52 -0700
* GH-3671: Factor in caplens in ICMPAnalyzer::DeliverPacket length calculations (Christian Kreibich, Corelight) * GH-3671: Factor in caplens in ICMPAnalyzer::DeliverPacket length calculations (Christian Kreibich, Corelight)

2
VERSION
View file

@ -1 +1 @@
7.0.0-dev.184 7.0.0-dev.187

21
src/logging/writers/ascii/Ascii.cc
View file

@ -116,10 +116,14 @@ TEST_CASE("writers.ascii prefix_basename_with") {
static std::optional<LeftoverLog> parse_shadow_log(const std::string& fname) { static std::optional<LeftoverLog> parse_shadow_log(const std::string& fname) {
auto sfname = prefix_basename_with(fname, shadow_file_prefix); auto sfname = prefix_basename_with(fname, shadow_file_prefix);
string default_ext = "." + Ascii::LogExt();
if ( BifConst::LogAscii::gzip_level > 0 )
default_ext += ".gz";
LeftoverLog rval = {}; LeftoverLog rval = {};
rval.filename = fname; rval.filename = fname;
rval.shadow_filename = std::move(sfname); rval.shadow_filename = std::move(sfname);
rval.extension = default_ext;
auto sf_stream = fopen(rval.shadow_filename.data(), "r"); auto sf_stream = fopen(rval.shadow_filename.data(), "r");
@ -165,15 +169,16 @@ static std::optional<LeftoverLog> parse_shadow_log(const std::string& fname) {
auto sf_lines = util::tokenize_string(sf_view, '\n'); auto sf_lines = util::tokenize_string(sf_view, '\n');
if ( sf_lines.size() < 2 ) { if ( sf_lines.size() < 2 ) {
rval.error = util:: reporter->Warning(
fmt("Found leftover log, '%s', but the associated shadow " "Found leftover log, '%s', but the associated shadow "
" file, '%s', required to process it is invalid", " file, '%s', required to process it is invalid: using default "
rval.filename.data(), rval.shadow_filename.data()); " for extension (%s) and post_proc_func",
return rval; rval.filename.data(), rval.shadow_filename.data(), default_ext.data());
}
else {
rval.extension = sf_lines[0];
rval.post_proc_func = sf_lines[1];
} }
rval.extension = sf_lines[0];
rval.post_proc_func = sf_lines[1];
struct stat st; struct stat st;