diff --git a/aux/binpac b/aux/binpac index 4fc13f7c69..7cdd9c39d9 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 4fc13f7c6987b4163609e3df7a31f38501411cb7 +Subproject commit 7cdd9c39d97c2984293fbe4a6dbe9ac0b33ecbfa diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.bro index f4db54fc50..c9ce8c2d1a 100644 --- a/scripts/base/frameworks/cluster/nodes/manager.bro +++ b/scripts/base/frameworks/cluster/nodes/manager.bro @@ -14,7 +14,7 @@ redef Log::enable_remote_logging = F; ## Use the cluster's archive logging script. -redef Log::default_rotation_postprocessor = "archive-log"; +redef Log::default_rotation_postprocessor_cmd = "archive-log"; ## We're processing essentially *only* remote events. redef max_remote_events_processed = 10000; diff --git a/scripts/base/frameworks/cluster/nodes/proxy.bro b/scripts/base/frameworks/cluster/nodes/proxy.bro index c1af918842..377b087b36 100644 --- a/scripts/base/frameworks/cluster/nodes/proxy.bro +++ b/scripts/base/frameworks/cluster/nodes/proxy.bro @@ -12,5 +12,5 @@ redef Log::enable_local_logging = F; redef Log::enable_remote_logging = T; ## Use the cluster's delete-log script. -redef Log::default_rotation_postprocessor = "delete-log"; +redef Log::default_rotation_postprocessor_cmd = "delete-log"; diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.bro index f8aae6a23c..cf8620c5d7 100644 --- a/scripts/base/frameworks/cluster/nodes/worker.bro +++ b/scripts/base/frameworks/cluster/nodes/worker.bro @@ -8,7 +8,7 @@ redef Log::enable_local_logging = F; redef Log::enable_remote_logging = T; ## Use the cluster's delete-log script. -redef Log::default_rotation_postprocessor = "delete-log"; +redef Log::default_rotation_postprocessor_cmd = "delete-log"; ## Record all packets into trace file. # TODO: should we really be setting this to T? 
diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index c7ffea84cc..e31f931de9 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -27,6 +27,17 @@ export { ev: any &optional; }; + ## Default function for building the path values for log filters if not + ## speficied otherwise by a filter. The default implementation uses ``id`` + ## to derive a name. + ## + ## id: The log stream. + ## path: A suggested path value, which may be either the filter's ``path`` + ## if defined or a fall-back generated internally. + ## + ## Returns: The path to be used for the filter. + global default_path_func: function(id: ID, path: string) : string &redef; + ## Filter customizing logging. type Filter: record { ## Descriptive name to reference this filter. @@ -50,7 +61,7 @@ export { ## The specific interpretation of the string is up to ## the used writer, and may for example be the destination ## file name. Generally, filenames are expected to given - ## without any extensions; writers will add appropiate + ## without any extensions; writers will add appropiate ## extensions automatically. path: string &optional; 
@@ -81,36 +92,34 @@ export { ## Information passed into rotation callback functions. type RotationInfo: record { - writer: Writer; ##< Writer. - path: string; ##< Original path value. - open: time; ##< Time when opened. - close: time; ##< Time when closed. + writer: Writer; ##< Writer. + fname: string; ##< Full name of the rotated file. + path: string; ##< Original path value. + open: time; ##< Time when opened. + close: time; ##< Time when closed. + terminating: bool; ##< True if rotation occured due to Bro shutting down. }; ## Default rotation interval. Zero disables rotation. const default_rotation_interval = 0secs &redef; - ## Default naming suffix format. Uses a strftime() style. - const default_rotation_date_format = "%y-%m-%d_%H.%M.%S" &redef; + ## Default naming format for timestamps embedded into filenames. Uses a strftime() style. + const default_rotation_date_format = "%Y-%m-%d-%H-%M-%S" &redef; - ## Default postprocessor for writers outputting into files. - const default_rotation_postprocessor = "" &redef; + ## Default shell command to run on rotated files. Empty for none. + const default_rotation_postprocessor_cmd = "" &redef; - ## Default function to construct the name of a rotated output file. - ## The default implementation appends info$date_fmt to the original - ## file name. - ## - ## info: Meta-data about the file to be rotated. - global default_rotation_path_func: function(info: RotationInfo) : string &redef; + ## Specifies the default postprocessor function per writer type. Entries in this + ## table are initialized by each writer type. + const default_rotation_postprocessors: table[Writer] of function(info: RotationInfo) : bool &redef; ## Type for controlling file rotation. type RotationControl: record { ## Rotation interval. interv: interval &default=default_rotation_interval; - ## Format for timestamps embedded into rotated file names. - date_fmt: string &default=default_rotation_date_format; - ## Postprocessor process to run on rotate file. 
- postprocessor: string &default=default_rotation_postprocessor; + ## Callback function to trigger for rotated files. If not set, the default + ## comes out of default_rotation_postprocessors. + postprocessor: function(info: RotationInfo) : bool &optional; }; ## Specifies rotation parameters per ``(id, path)`` tuple. @@ -133,6 +142,8 @@ export { global flush: function(id: ID): bool; global add_default_filter: function(id: ID) : bool; global remove_default_filter: function(id: ID) : bool; + + global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool; } # We keep a script-level copy of all filters so that we can manipulate them. @@ -140,10 +151,39 @@ global filters: table[ID, string] of Filter; @load logging.bif.bro # Needs Filter and Stream defined. -function default_rotation_path_func(info: RotationInfo) : string +module Log; + +# Used internally by the log manager. +function __default_rotation_postprocessor(info: RotationInfo) : bool { - local date_fmt = rotation_control[info$writer, info$path]$date_fmt; - return fmt("%s-%s", info$path, strftime(date_fmt, info$open)); + if ( info$writer in default_rotation_postprocessors ) + return default_rotation_postprocessors[info$writer](info); + } + +function default_path_func(id: ID, path: string) : string + { + # TODO for Seth: Do what you want. :) + return path; + } + +# Run post-processor on file. If there isn't any postprocessor defined, +# we move the file to a nicer name. +function run_rotation_postprocessor_cmd(info: RotationInfo, npath: string) : bool + { + local pp_cmd = default_rotation_postprocessor_cmd; + + if ( pp_cmd == "" ) + return T; + + # The date format is hard-coded here to provide a standardized + # script interface. + system(fmt("%s %s %s %s %s %d", + pp_cmd, npath, info$path, + strftime("%y-%m-%d_%H.%M.%S", info$open), + strftime("%y-%m-%d_%H.%M.%S", info$close), + info$terminating)); + + return T; } function create_stream(id: ID, stream: Stream) : bool 
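Review bot: `run_rotation_postprocessor_cmd` formats `npath` and `info$path` into the `system()` command line unquoted, so a log path containing whitespace or shell metacharacters changes what the shell executes; these paths come from a filter's `path` or from `path_func`, which this same diff makes redefinable. Escape and quote both before formatting, e.g. `fmt("%s \"%s\" \"%s\" %s %s %d", pp_cmd, str_shell_escape(npath), str_shell_escape(info$path), ...)` if `str_shell_escape` is available in this tree, and state in the doc comment of `default_rotation_postprocessor_cmd` that its value is handed to the shell verbatim. Separately, `__default_rotation_postprocessor` falls off the end without a value when the writer has no entry in `default_rotation_postprocessors`; add an explicit `return F;` after the `if`. The comment above `run_rotation_postprocessor_cmd` also promises a move "to a nicer name" that the function never performs, and should be reworded to `# Runs the default postprocessor command on a rotated file; does nothing if none is configured.`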
@@ -159,9 +199,15 @@ function disable_stream(id: ID) : bool if ( ! __disable_stream(id) ) return F; } - + function add_filter(id: ID, filter: Filter) : bool { + # This is a work-around for the fact that we can't forward-declare + # the default_path_func and then use it as &default in the record + # definition. + if ( ! filter?$path_func ) + filter$path_func = default_path_func; + filters[id, filter$name] = filter; return __add_filter(id, filter); } diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.bro index bf9fb84d01..1b5b1be33d 100644 --- a/scripts/base/frameworks/logging/writers/ascii.bro +++ b/scripts/base/frameworks/logging/writers/ascii.bro @@ -26,4 +26,19 @@ export { const unset_field = "-" &redef; } +# Default function to postprocess a rotated ASCII log file. It moves the rotated +# file to a new name that includes a timestamp with the opening time, and then +# runs the writer's default postprocessor command on it. +function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool + { + # Move file to name including both opening and closing time. + local dst = fmt("%s.%s.log", info$path, + strftime(Log::default_rotation_date_format, info$open)); + system(fmt("/bin/mv %s %s", info$fname, dst)); + + # Run default postprocessor. + return Log::run_rotation_postprocessor_cmd(info, dst); + } + +redef Log::default_rotation_postprocessors += { [Log::WRITER_ASCII] = default_rotation_postprocessor_func }; diff --git a/src/LogMgr.cc b/src/LogMgr.cc index 461bf25e02..9f8c33a107 100644 --- a/src/LogMgr.cc +++ b/src/LogMgr.cc 
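Review bot: In `default_rotation_postprocessor_func`, `system(fmt("/bin/mv %s %s", info$fname, dst))` interpolates both file names into a shell line without quoting and discards the result, so a name with spaces or shell metacharacters is misparsed, and a failed move still passes `dst` on to `Log::run_rotation_postprocessor_cmd`. Quote and escape both operands, e.g. `fmt("/bin/mv \"%s\" \"%s\"", str_shell_escape(info$fname), str_shell_escape(dst))` (assuming `str_shell_escape` exists in this tree), and return `F` when the move does not succeed if `system()` reports the exit status here. The inline comment says the new name includes "both opening and closing time", but only `info$open` is used; it should read `# Move file to a name that includes the opening time.`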
@@ -433,6 +433,25 @@ LogMgr::Stream* LogMgr::FindStream(EnumVal* id) return streams[idx]; } +LogMgr::WriterInfo* LogMgr::FindWriter(LogWriter* writer) + { + for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) + { + if ( ! *s ) + continue; + + for ( Stream::WriterMap::iterator i = (*s)->writers.begin(); i != (*s)->writers.end(); i++ ) + { + WriterInfo* winfo = i->second; + + if ( winfo->writer == writer ) + return winfo; + } + } + + return 0; + } + void LogMgr::RemoveDisabledWriters(Stream* stream) { list disabled; @@ -1411,6 +1430,8 @@ void LogMgr::InstallRotationTimer(WriterInfo* winfo) RecordVal* rc = LookupRotationControl(winfo->type, winfo->writer->Path()); + assert(rc); + int idx = rc->Type()->AsRecordType()->FieldOffset("interv"); double rotation_interval = rc->LookupWithDefault(idx)->AsInterval(); 
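Review bot: The added `assert(rc)` in `LogMgr::InstallRotationTimer` is the only guard before `rc->Type()` is dereferenced on the next line, and it is compiled out when NDEBUG is defined, leaving a null dereference in release builds if `LookupRotationControl` ever returns null. The same pattern recurs in `LogMgr::FinishedRotation` later in this file (`assert(winfo)`, `assert(rc)`, `assert(idx >= 0)`, `assert(id)`, `assert(func)`), where `winfo` depends on a writer pointer supplied by the caller. Prefer a runtime check that bails out, e.g. `if ( ! rc ) return;` here and `if ( ! winfo ) return false;` in `FinishedRotation`, ideally with an error report. The body of `InstallRotationTimer` starts and ends outside this hunk.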
@@ -1448,34 +1469,63 @@ void LogMgr::Rotate(WriterInfo* winfo) DBG_LOG(DBG_LOGGING, "Rotating %s at %.6f", winfo->writer->Path().c_str(), network_time); - // Create the RotationInfo record. - RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo); - info->Assign(0, winfo->type->Ref()); - info->Assign(1, new StringVal(winfo->writer->Path().c_str())); - info->Assign(2, new Val(winfo->open_time, TYPE_TIME)); - info->Assign(3, new Val(network_time, TYPE_TIME)); + // Build a temporary path for the writer to move the file to. + struct tm tm; + char buf[128]; + const char* const date_fmt = "%y-%m-%d_%H.%M.%S"; + time_t teatime = (time_t)winfo->open_time; - // Call the function building us the new path. + localtime_r(&teatime, &tm); + strftime(buf, sizeof(buf), date_fmt, &tm); - Func* rotation_path_func = - internal_func("Log::default_rotation_path_func"); + string tmp = string(fmt("%s-%s", winfo->writer->Path().c_str(), buf)); + + // Trigger the rotation. + winfo->writer->Rotate(tmp, winfo->open_time, network_time, terminating); + } + +bool LogMgr::FinishedRotation(LogWriter* writer, string new_name, string old_name, + double open, double close, bool terminating) + { + DBG_LOG(DBG_LOGGING, "Finished rotating %s at %.6f, new name %s", + writer->Path().c_str(), network_time, new_name.c_str()); + + WriterInfo* winfo = FindWriter(writer); + assert(winfo); RecordVal* rc = LookupRotationControl(winfo->type, winfo->writer->Path()); + assert(rc); + + // Create the RotationInfo record. 
+ RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo); + info->Assign(0, winfo->type->Ref()); + info->Assign(1, new StringVal(new_name.c_str())); + info->Assign(2, new StringVal(winfo->writer->Path().c_str())); + info->Assign(3, new Val(open, TYPE_TIME)); + info->Assign(4, new Val(close, TYPE_TIME)); + info->Assign(5, new Val(terminating, TYPE_BOOL)); + int idx = rc->Type()->AsRecordType()->FieldOffset("postprocessor"); + assert(idx >= 0); - string rotation_postprocessor = - rc->LookupWithDefault(idx)->AsString()->CheckString(); + Val* func = rc->Lookup(idx); + if ( ! func ) + { + ID* id = global_scope()->Lookup("Log::__default_rotation_postprocessor"); + assert(id); + func = id->ID_Val(); + } + assert(func); + + // Call the postprocessor function. val_list vl(1); vl.append(info); - Val* result = rotation_path_func->Call(&vl); - string new_path = result->AsString()->CheckString(); - Unref(result); - - winfo->writer->Rotate(new_path, rotation_postprocessor, - winfo->open_time, network_time, terminating); + Val* v = func->AsFunc()->Call(&vl); + int result = v->AsBool(); + Unref(v); + return result; } - diff --git a/src/LogMgr.h b/src/LogMgr.h index cc593374c5..033a6ba3fd 100644 --- a/src/LogMgr.h +++ b/src/LogMgr.h @@ -103,6 +103,10 @@ protected: //// Functions safe to use by writers. + // Signals that a file has been rotated. + bool FinishedRotation(LogWriter* writer, string new_name, string old_name, + double open, double close, bool terminating); + // Reports an error for the given writer. void Error(LogWriter* writer, const char* msg); @@ -127,6 +131,7 @@ private: void Rotate(WriterInfo* info); RecordVal* LookupRotationControl(EnumVal* writer, string path); Filter* FindFilter(EnumVal* id, StringVal* filter); + WriterInfo* FindWriter(LogWriter* writer); vector streams; // Indexed by stream enum. }; diff --git a/src/LogWriter.cc b/src/LogWriter.cc index 0017f8f246..8584a0b0b5 100644 --- a/src/LogWriter.cc +++ b/src/LogWriter.cc 
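Review bot: In `LogMgr::FinishedRotation` the result of `func->AsFunc()->Call(&vl)` is dereferenced immediately by `v->AsBool()` with no null check, and the script-side default `Log::__default_rotation_postprocessor` (added in main.bro in this diff) has a path that ends without a `return`, so a missing value looks reachable if `Call` returns null in that case. Guard it with `if ( ! v ) return false;` before `AsBool()`. The `old_name` parameter is never read in this function, since field 2 is filled from `winfo->writer->Path()`; either use it or document why it is ignored. The hard-coded indices in `info->Assign(0..5, ...)` depend on the field order of `Log::RotationInfo`, which deserves a comment next to the record definition or a `FieldOffset` lookup, as is already done for `postprocessor`.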
@@ -89,10 +89,10 @@ bool LogWriter::SetBuf(bool enabled) return true; } -bool LogWriter::Rotate(string rotated_path, string postprocessor, double open, +bool LogWriter::Rotate(string rotated_path, double open, double close, bool terminating) { - if ( ! DoRotate(rotated_path, postprocessor, open, close, terminating) ) + if ( ! DoRotate(rotated_path, open, close, terminating) ) { disabled = true; return false; @@ -151,42 +151,8 @@ void LogWriter::DeleteVals(LogVal** vals) log_mgr->DeleteVals(num_fields, vals); } -bool LogWriter::RunPostProcessor(string fname, string postprocessor, - string old_name, double open, double close, - bool terminating) +bool LogWriter::FinishedRotation(string new_name, string old_name, double open, + double close, bool terminating) { - // This function operates in a way that is backwards-compatible with - // the old Bro log rotation scheme. - - if ( ! postprocessor.size() ) - return true; - - const char* const fmt = "%y-%m-%d_%H.%M.%S"; - - struct tm tm1; - struct tm tm2; - - time_t tt1 = (time_t)open; - time_t tt2 = (time_t)close; - - localtime_r(&tt1, &tm1); - localtime_r(&tt2, &tm2); - - char buf1[128]; - char buf2[128]; - - strftime(buf1, sizeof(buf1), fmt, &tm1); - strftime(buf2, sizeof(buf2), fmt, &tm2); - - string cmd = postprocessor; - cmd += " " + fname; - cmd += " " + old_name; - cmd += " " + string(buf1); - cmd += " " + string(buf2); - cmd += " " + string(terminating ? "1" : "0"); - cmd += " &"; - - system(cmd.c_str()); - - return true; + return log_mgr->FinishedRotation(this, new_name, old_name, open, close, terminating); } diff --git a/src/LogWriter.h b/src/LogWriter.h index 8dcd05a67f..1d2f9fa4b2 100644 --- a/src/LogWriter.h +++ b/src/LogWriter.h 
@@ -60,8 +60,7 @@ public: // Triggers rotation, if the writer supports that. (If not, it will // be ignored). - bool Rotate(string rotated_path, string postprocessor, double open, - double close, bool terminating); + bool Rotate(string rotated_path, double open, double close, bool terminating); // Finishes writing to this logger regularly. Must not be called if // an error has been indicated earlier. After calling this, no @@ -77,7 +76,6 @@ public: const LogField* const * Fields() const { return fields; } protected: - // Methods for writers to override. If any of these returs false, it // will be assumed that a fatal error has occured that prevents the // writer from further operation. It will then be disabled and @@ -116,6 +114,10 @@ protected: // applies to writers writing into files, which should then close the // current file and open a new one. However, a writer may also // trigger other apppropiate actions if semantics are similar. + // + // Once rotation has finished, the implementation should call + // RotationDone() to signal the log manager that potential + // postprocessors can now run. // // "rotate_path" reflects the path to where the rotated output is to // be moved, with specifics depending on the writer. It should @@ -123,12 +125,7 @@ protected: // as passed into DoInit(). As an example, for file-based output, // "rotate_path" could be the original filename extended with a // timestamp indicating the time of the rotation. - - // "postprocessor" is the name of a command to execute on the rotated - // file. If empty, no postprocessing should take place; if given but - // the writer doesn't support postprocessing, it can be ignored (but - // the method must still return true in that case). - + // // "open" and "close" are the network time's when the *current* file // was opened and closed, respectively. // 
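Review bot: The comment added above `DoRotate` tells implementers to call `RotationDone()`, but the method this commit introduces on `LogWriter` is `FinishedRotation()`, so a writer author following the comment will not find the function to call. Change the sentence to `// Once rotation has finished, the implementation should call FinishedRotation() to signal the log manager that potential postprocessors can now run.` The comment block for `DoRotate` continues outside this hunk.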
@@ -138,8 +135,8 @@ protected: // // A writer may ignore rotation requests if it doesn't fit with its // semantics (but must still return true in that case). - virtual bool DoRotate(string rotated_path, string postprocessor, - double open, double close, bool terminating) = 0; + virtual bool DoRotate(string rotated_path, double open, double close, + bool terminating) = 0; // Called once on termination. Not called when any of the other // methods has previously signaled an error, i.e., executing this @@ -157,11 +154,18 @@ protected: // Reports an error to the user. void Error(const char *msg); - // Runs a post-processor on the given file. Parameters correspond to - // those of DoRotate(). - bool RunPostProcessor(string fname, string postprocessor, - string old_name, double open, double close, - bool terminating); + // Signals to the log manager that a file has been rotated. + // + // new_name: The filename of the rotated file. old_name: The filename + // of the origina file. + // + // open/close: The timestamps when the original file was opened and + // closed, respectively. + // + // terminating: True if rotation request occured due to the main Bro + // process shutting down. + bool FinishedRotation(string new_name, string old_name, double open, + double close, bool terminating); private: friend class LogMgr; diff --git a/src/LogWriterAscii.cc b/src/LogWriterAscii.cc index 02a18bb672..ad2adbfee1 100644 --- a/src/LogWriterAscii.cc +++ b/src/LogWriterAscii.cc @@ -242,7 +242,7 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields, return true; } -bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open, +bool LogWriterAscii::DoRotate(string rotated_path, double open, double close, bool terminating) { if ( IsSpecial(Path()) ) 
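Review bot: The new comment on `LogWriter::FinishedRotation` describes the parameters but not the return value, which callers need because `LogWriterAscii::DoRotate` branches on it. Judging from `LogMgr::FinishedRotation`, the value is the boolean returned by the script-level postprocessor, so add a line such as `// Returns false if the postprocessor function reported failure.` The same comment contains the typo "origina file", and puts `new_name` and `old_name` on one line, unlike the other parameters.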
@@ -254,10 +254,8 @@ bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double string nname = rotated_path + ".log"; rename(fname.c_str(), nname.c_str()); - if ( postprocessor.size() && - ! RunPostProcessor(nname, postprocessor, fname.c_str(), - open, close, terminating) ) - return false; + if ( ! FinishedRotation(nname, fname, open, close, terminating) ) + Error(Fmt("error rotating %s to %s", fname.c_str(), nname.c_str())); return DoInit(Path(), NumFields(), Fields()); } diff --git a/src/LogWriterAscii.h b/src/LogWriterAscii.h index fecbd9e94c..cceb685ff9 100644 --- a/src/LogWriterAscii.h +++ b/src/LogWriterAscii.h @@ -20,8 +20,8 @@ protected: virtual bool DoWrite(int num_fields, const LogField* const * fields, LogVal** vals); virtual bool DoSetBuf(bool enabled); - virtual bool DoRotate(string rotated_path, string postprocessr, - double open, double close, bool terminating); + virtual bool DoRotate(string rotated_path, double open, double close, + bool terminating); virtual bool DoFlush(); virtual void DoFinish(); diff --git a/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out b/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out index af2b17dc75..18bd12d88f 100644 --- a/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out +++ b/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out 
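Review bot: In `LogWriterAscii::DoRotate` a false return from `FinishedRotation` is reported as `error rotating %s to %s`, while the step that actually rotates, the `rename()` call just above, is never checked, so a failed rename goes unreported and the postprocessor is then invoked on a file name that does not exist. Check the rename first, e.g. `if ( rename(fname.c_str(), nname.c_str()) != 0 ) { Error(Fmt("cannot rename %s to %s", fname.c_str(), nname.c_str())); return false; }`, and reword the later message to say that the postprocessor failed. The old code returned false on postprocessor failure and the new code continues into `DoInit`; if that is intended, a one-line comment should say so. The function starts outside this hunk.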
@@ -1,33 +1,33 @@ -1st test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0 -1st test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0 -1st test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0 -1st test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0 -1st test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0 -1st test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0 -1st test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0 -1st test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0 -1st test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0 -1st test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1 -2nd test2-11-03-07_03.00.05.log test2.log 11-03-07_03.00.05 11-03-07_03.59.55 0 -2nd test2-11-03-07_03.59.55.log test2.log 11-03-07_03.59.55 11-03-07_04.00.05 0 -2nd test2-11-03-07_04.00.05.log test2.log 11-03-07_04.00.05 11-03-07_04.59.55 0 -2nd test2-11-03-07_04.59.55.log test2.log 11-03-07_04.59.55 11-03-07_05.00.05 0 -2nd test2-11-03-07_05.00.05.log test2.log 11-03-07_05.00.05 11-03-07_05.59.55 0 -2nd test2-11-03-07_05.59.55.log test2.log 11-03-07_05.59.55 11-03-07_06.00.05 0 -2nd test2-11-03-07_06.00.05.log test2.log 11-03-07_06.00.05 11-03-07_06.59.55 0 -2nd test2-11-03-07_06.59.55.log test2.log 11-03-07_06.59.55 11-03-07_07.00.05 0 -2nd test2-11-03-07_07.00.05.log test2.log 11-03-07_07.00.05 11-03-07_07.59.55 0 -2nd test2-11-03-07_07.59.55.log test2.log 11-03-07_07.59.55 11-03-07_08.00.05 0 -2nd test2-11-03-07_08.00.05.log test2.log 11-03-07_08.00.05 11-03-07_08.59.55 0 -2nd test2-11-03-07_08.59.55.log test2.log 11-03-07_08.59.55 11-03-07_09.00.05 0 -2nd test2-11-03-07_09.00.05.log test2.log 11-03-07_09.00.05 11-03-07_09.59.55 0 -2nd test2-11-03-07_09.59.55.log test2.log 11-03-07_09.59.55 11-03-07_10.00.05 0 -2nd test2-11-03-07_10.00.05.log test2.log 
11-03-07_10.00.05 11-03-07_10.59.55 0 -2nd test2-11-03-07_10.59.55.log test2.log 11-03-07_10.59.55 11-03-07_11.00.05 0 -2nd test2-11-03-07_11.00.05.log test2.log 11-03-07_11.00.05 11-03-07_11.59.55 0 -2nd test2-11-03-07_11.59.55.log test2.log 11-03-07_11.59.55 11-03-07_12.00.05 0 -2nd test2-11-03-07_12.00.05.log test2.log 11-03-07_12.00.05 11-03-07_12.59.55 0 -2nd test2-11-03-07_12.59.55.log test2.log 11-03-07_12.59.55 11-03-07_12.59.55 1 +1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 +1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 +1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 +1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 +1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 +1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 +1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 +1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 +1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 +1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.00.05.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.59.55.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.00.05.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.59.55.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.00.05.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.59.55.log, path=test2, 
open=1299477595.0, close=1299477605.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.00.05.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.59.55.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.00.05.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.59.55.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.00.05.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.59.55.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.00.05.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.59.55.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.00.05.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.59.55.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F] +custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T] 
# t id.orig_h id.orig_p id.resp_h id.resp_p 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 1299470395.000000 10.0.0.2 20 10.0.0.3 0 @@ -49,16 +49,16 @@ 1299499195.000000 10.0.0.2 20 10.0.0.3 8 1299499205.000000 10.0.0.1 20 10.0.0.2 1033 1299502795.000000 10.0.0.2 20 10.0.0.3 9 -> test-11-03-07_03.00.05.log -> test-11-03-07_04.00.05.log -> test-11-03-07_05.00.05.log -> test-11-03-07_06.00.05.log -> test-11-03-07_07.00.05.log -> test-11-03-07_08.00.05.log -> test-11-03-07_09.00.05.log -> test-11-03-07_10.00.05.log -> test-11-03-07_11.00.05.log -> test-11-03-07_12.00.05.log +> test.2011-03-07-03-00-05.log +> test.2011-03-07-04-00-05.log +> test.2011-03-07-05-00-05.log +> test.2011-03-07-06-00-05.log +> test.2011-03-07-07-00-05.log +> test.2011-03-07-08-00-05.log +> test.2011-03-07-09-00-05.log +> test.2011-03-07-10-00-05.log +> test.2011-03-07-11-00-05.log +> test.2011-03-07-12-00-05.log > test.log > test2-11-03-07_03.00.05.log > test2-11-03-07_03.59.55.log diff --git a/testing/btest/Baseline/policy.frameworks.logging.rotate/out b/testing/btest/Baseline/policy.frameworks.logging.rotate/out index cfadfad390..b153c5b7fa 100644 --- a/testing/btest/Baseline/policy.frameworks.logging.rotate/out +++ b/testing/btest/Baseline/policy.frameworks.logging.rotate/out 
@@ -1,50 +1,50 @@ -test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0 -test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0 -test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0 -test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0 -test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0 -test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0 -test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0 -test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0 -test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0 -test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1 -> test-11-03-07_03.00.05.log +test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 +test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 +test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 +test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 +test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 +test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 +test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 +test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 +test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 +test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 +> test.2011-03-07-03-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 1299470395.000000 10.0.0.2 20 10.0.0.3 0 -> test-11-03-07_04.00.05.log +> test.2011-03-07-04-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299470405.000000 10.0.0.1 20 10.0.0.2 1025 1299473995.000000 10.0.0.2 20 10.0.0.3 1 -> test-11-03-07_05.00.05.log +> test.2011-03-07-05-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 
1299474005.000000 10.0.0.1 20 10.0.0.2 1026 1299477595.000000 10.0.0.2 20 10.0.0.3 2 -> test-11-03-07_06.00.05.log +> test.2011-03-07-06-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299477605.000000 10.0.0.1 20 10.0.0.2 1027 1299481195.000000 10.0.0.2 20 10.0.0.3 3 -> test-11-03-07_07.00.05.log +> test.2011-03-07-07-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299481205.000000 10.0.0.1 20 10.0.0.2 1028 1299484795.000000 10.0.0.2 20 10.0.0.3 4 -> test-11-03-07_08.00.05.log +> test.2011-03-07-08-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299484805.000000 10.0.0.1 20 10.0.0.2 1029 1299488395.000000 10.0.0.2 20 10.0.0.3 5 -> test-11-03-07_09.00.05.log +> test.2011-03-07-09-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299488405.000000 10.0.0.1 20 10.0.0.2 1030 1299491995.000000 10.0.0.2 20 10.0.0.3 6 -> test-11-03-07_10.00.05.log +> test.2011-03-07-10-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299492005.000000 10.0.0.1 20 10.0.0.2 1031 1299495595.000000 10.0.0.2 20 10.0.0.3 7 -> test-11-03-07_11.00.05.log +> test.2011-03-07-11-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299495605.000000 10.0.0.1 20 10.0.0.2 1032 1299499195.000000 10.0.0.2 20 10.0.0.3 8 -> test-11-03-07_12.00.05.log +> test.2011-03-07-12-00-05.log # t id.orig_h id.orig_p id.resp_h id.resp_p 1299499205.000000 10.0.0.1 20 10.0.0.2 1033 1299502795.000000 10.0.0.2 20 10.0.0.3 9 diff --git a/testing/btest/policy/frameworks/logging/rotate-custom.bro b/testing/btest/policy/frameworks/logging/rotate-custom.bro index 9f5960a09a..788fa090e9 100644 --- a/testing/btest/policy/frameworks/logging/rotate-custom.bro +++ b/testing/btest/policy/frameworks/logging/rotate-custom.bro 
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT | egrep "test|test2" | sort >out +# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | egrep "test|test2" | sort >out # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out # @TEST-EXEC: btest-diff out @@ -18,10 +18,16 @@ export { } redef Log::default_rotation_interval = 1hr; -redef Log::default_rotation_postprocessor = "echo 1st"; +redef Log::default_rotation_postprocessor_cmd = "echo 1st"; + +function custom_rotate(info: Log::RotationInfo) : bool +{ + print "custom rotate", info; + return T; +} redef Log::rotation_control += { - [Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor="echo 2nd"] + [Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor=custom_rotate] }; event bro_init() diff --git a/testing/btest/policy/frameworks/logging/rotate.bro b/testing/btest/policy/frameworks/logging/rotate.bro index 0179a0bbe2..d53b92f169 100644 --- a/testing/btest/policy/frameworks/logging/rotate.bro +++ b/testing/btest/policy/frameworks/logging/rotate.bro @@ -1,6 +1,6 @@ # -# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT | grep "test" >out -# @TEST-EXEC: for i in test-*.log; do printf '> %s\n' $i; cat $i; done >>out +# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT 2>&1 | grep "test" >out +# @TEST-EXEC: for i in test.*.log; do printf '> %s\n' $i; cat $i; done >>out # @TEST-EXEC: btest-diff out module Test; @@ -18,7 +18,7 @@ export { } redef Log::default_rotation_interval = 1hr; -redef Log::default_rotation_postprocessor = "echo"; +redef Log::default_rotation_postprocessor_cmd = "echo"; event bro_init() {