Merge branch 'topic/robin/rotation-pp'

* topic/robin/rotation-pp: Adding a default_path_func that makes the default naming scheme script-level controlled. Reworking logging's postprocessor logic. Conflicts: scripts/base/frameworks/logging/main.bro testing/btest/policy/frameworks/logging/rotate-custom.bro
2025-10-02 14:48:21 +00:00 · 2011-08-08 16:03:56 -07:00 · 2011-08-08 16:03:56 -07:00 · bbb0b855a2
commit bbb0b855a2
parent 103396f6d3 e026533875
16 changed files with 263 additions and 173 deletions
--- a/aux/binpac
+++ b/aux/binpac
@ -1 +1 @@
-Subproject commit 4fc13f7c6987b4163609e3df7a31f38501411cb7
+Subproject commit 7cdd9c39d97c2984293fbe4a6dbe9ac0b33ecbfa
--- a/scripts/base/frameworks/cluster/nodes/manager.bro
+++ b/scripts/base/frameworks/cluster/nodes/manager.bro
@ -14,7 +14,7 @@
 redef Log::enable_remote_logging = F;
 ## Use the cluster's archive logging script.
-redef Log::default_rotation_postprocessor = "archive-log";
+redef Log::default_rotation_postprocessor_cmd = "archive-log";
 ## We're processing essentially *only* remote events.
 redef max_remote_events_processed = 10000;
--- a/scripts/base/frameworks/cluster/nodes/proxy.bro
+++ b/scripts/base/frameworks/cluster/nodes/proxy.bro
@ -12,5 +12,5 @@ redef Log::enable_local_logging = F;
 redef Log::enable_remote_logging = T;
 ## Use the cluster's delete-log script.
-redef Log::default_rotation_postprocessor = "delete-log";
+redef Log::default_rotation_postprocessor_cmd = "delete-log";
--- a/scripts/base/frameworks/cluster/nodes/worker.bro
+++ b/scripts/base/frameworks/cluster/nodes/worker.bro
@ -8,7 +8,7 @@ redef Log::enable_local_logging = F;
 redef Log::enable_remote_logging = T;
 ## Use the cluster's delete-log script.
-redef Log::default_rotation_postprocessor = "delete-log";
+redef Log::default_rotation_postprocessor_cmd = "delete-log";
 ## Record all packets into trace file.
 # TODO: should we really be setting this to T?
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@ -27,6 +27,17 @@ export {
 		ev: any &optional;
 	};
 	## Default function for building the path values for log filters if not
 	## speficied otherwise by a filter. The default implementation uses ``id``
 	## to derive a name.
 	##
 	## id: The log stream.
 	## path: A suggested path value, which may be either the filter's ``path``
 	## if defined or a fall-back generated internally.
 	##
 	## Returns: The path to be used for the filter.
 	global default_path_func: function(id: ID, path: string) : string &redef;
 	## Filter customizing logging.
 	type Filter: record {
 		## Descriptive name to reference this filter.
@ -82,35 +93,33 @@ export {
 	## Information passed into rotation callback functions.
 	type RotationInfo: record {
 		writer: Writer;		##< Writer.
 		fname: string;		##< Full name of the rotated file.
 		path: string;		##< Original path value.
 		open: time;			##< Time when opened.
 		close: time;		##< Time when closed.
 		terminating: bool;	##< True if rotation occured due to Bro shutting down.
 	};
 	## Default rotation interval. Zero disables rotation.
 	const default_rotation_interval = 0secs &redef;
-	## Default naming suffix format. Uses a strftime() style.
+	## Default naming format for timestamps embedded into filenames. Uses a strftime() style.
-	const default_rotation_date_format = "%y-%m-%d_%H.%M.%S" &redef;
+	const default_rotation_date_format = "%Y-%m-%d-%H-%M-%S" &redef;
-	## Default postprocessor for writers outputting into files.
+	## Default shell command to run on rotated files. Empty for none.
-	const default_rotation_postprocessor = "" &redef;
+	const default_rotation_postprocessor_cmd = "" &redef;
-	## Default function to construct the name of a rotated output file.
+	## Specifies the default postprocessor function per writer type. Entries in this
-	## The default implementation appends info$date_fmt to the original
+	## table are initialized by each writer type.
-	## file name.
+	const default_rotation_postprocessors: table[Writer] of function(info: RotationInfo) : bool &redef;
 	##
 	## info: Meta-data about the file to be rotated.
 	global default_rotation_path_func: function(info: RotationInfo) : string &redef;
 	## Type for controlling file rotation.
 	type RotationControl: record  {
 		## Rotation interval.
 		interv: interval &default=default_rotation_interval;
-		## Format for timestamps embedded into rotated file names.
+		## Callback function to trigger for rotated files. If not set, the default
-		date_fmt: string &default=default_rotation_date_format;
+		## comes out of default_rotation_postprocessors.
-		## Postprocessor process to run on rotate file.
+		postprocessor: function(info: RotationInfo) : bool &optional;
 		postprocessor: string &default=default_rotation_postprocessor;
 	};
 	## Specifies rotation parameters per ``(id, path)`` tuple.
@ -133,6 +142,8 @@ export {
 	global flush: function(id: ID): bool;
 	global add_default_filter: function(id: ID) : bool;
 	global remove_default_filter: function(id: ID) : bool;
 	global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool;
 }
 # We keep a script-level copy of all filters so that we can manipulate them.
@ -140,10 +151,39 @@ global filters: table[ID, string] of Filter;
@load logging.bif.bro # Needs Filter and Stream defined.
-function default_rotation_path_func(info: RotationInfo) : string
+module Log;
 # Used internally by the log manager.
 function __default_rotation_postprocessor(info: RotationInfo) : bool
 	{
-	local date_fmt = rotation_control[info$writer, info$path]$date_fmt;
+	if ( info$writer in default_rotation_postprocessors )
-	return fmt("%s-%s", info$path, strftime(date_fmt, info$open));
+		return default_rotation_postprocessors[info$writer](info);
 	}
 function default_path_func(id: ID, path: string) : string
 	{
 	# TODO for Seth: Do what you want. :)
 	return path;
 	}
 # Run post-processor on file. If there isn't any postprocessor defined,
 # we move the file to a nicer name.
 function run_rotation_postprocessor_cmd(info: RotationInfo, npath: string) : bool
 	{
 	local pp_cmd = default_rotation_postprocessor_cmd;
 	if ( pp_cmd == "" )
 		return T;
 	# The date format is hard-coded here to provide a standardized
 	# script interface.
 	system(fmt("%s %s %s %s %s %d",
               pp_cmd, npath, info$path,
               strftime("%y-%m-%d_%H.%M.%S", info$open),
               strftime("%y-%m-%d_%H.%M.%S", info$close),
               info$terminating));
 	return T;
 	}
 function create_stream(id: ID, stream: Stream) : bool
@ -162,6 +202,12 @@ function disable_stream(id: ID) : bool
 function add_filter(id: ID, filter: Filter) : bool
 	{
 	# This is a work-around for the fact that we can't forward-declare
 	# the default_path_func and then use it as &default in the record
 	# definition.
 	if ( ! filter?$path_func )
 		filter$path_func = default_path_func;
 	filters[id, filter$name] = filter;
 	return __add_filter(id, filter);
 	}
--- a/scripts/base/frameworks/logging/writers/ascii.bro
+++ b/scripts/base/frameworks/logging/writers/ascii.bro
@ -26,4 +26,19 @@ export {
 	const unset_field = "-" &redef;
 }
 # Default function to postprocess a rotated ASCII log file. It moves the rotated
 # file to a new name that includes a timestamp with the opening time, and then
 # runs the writer's default postprocessor command on it.
 function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool
 	{
 	# Move file to name including both opening and closing time.
 	local dst = fmt("%s.%s.log", info$path,
 			strftime(Log::default_rotation_date_format, info$open));
 	system(fmt("/bin/mv %s %s", info$fname, dst));
 	# Run default postprocessor.
 	return Log::run_rotation_postprocessor_cmd(info, dst);
 	}
 redef Log::default_rotation_postprocessors += { [Log::WRITER_ASCII] = default_rotation_postprocessor_func };
--- a/src/LogMgr.cc
+++ b/src/LogMgr.cc
@ -433,6 +433,25 @@ LogMgr::Stream* LogMgr::FindStream(EnumVal* id)
 	return streams[idx];
 	}
 LogMgr::WriterInfo* LogMgr::FindWriter(LogWriter* writer)
 	{
 	for ( vector<Stream *>::iterator s = streams.begin(); s != streams.end(); ++s )
 		{
 		if ( ! *s )
 			continue;
 		for ( Stream::WriterMap::iterator i = (*s)->writers.begin(); i != (*s)->writers.end(); i++ )
 			{
 			WriterInfo* winfo = i->second;
 			if ( winfo->writer == writer )
 				return winfo;
 			}
 		}
 	return 0;
 	}
 void LogMgr::RemoveDisabledWriters(Stream* stream)
 	{
 	list<Stream::WriterPathPair> disabled;
@ -1411,6 +1430,8 @@ void LogMgr::InstallRotationTimer(WriterInfo* winfo)
 	RecordVal* rc =
 		LookupRotationControl(winfo->type, winfo->writer->Path());
 	assert(rc);
 	int idx = rc->Type()->AsRecordType()->FieldOffset("interv");
 	double rotation_interval = rc->LookupWithDefault(idx)->AsInterval();
@ -1448,34 +1469,63 @@ void LogMgr::Rotate(WriterInfo* winfo)
 	DBG_LOG(DBG_LOGGING, "Rotating %s at %.6f",
 		winfo->writer->Path().c_str(), network_time);
-	// Create the RotationInfo record.
+	// Build a temporary path for the writer to move the file to.
-	RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo);
+	struct tm tm;
-	info->Assign(0, winfo->type->Ref());
+	char buf[128];
-	info->Assign(1, new StringVal(winfo->writer->Path().c_str()));
+	const char* const date_fmt = "%y-%m-%d_%H.%M.%S";
-	info->Assign(2, new Val(winfo->open_time, TYPE_TIME));
+	time_t teatime = (time_t)winfo->open_time;
 	info->Assign(3, new Val(network_time, TYPE_TIME));
-	// Call the function building us the new path.
+	localtime_r(&teatime, &tm);
 	strftime(buf, sizeof(buf), date_fmt, &tm);
-	Func* rotation_path_func =
+	string tmp = string(fmt("%s-%s", winfo->writer->Path().c_str(), buf));
-		internal_func("Log::default_rotation_path_func");
+
 	// Trigger the rotation.
 	winfo->writer->Rotate(tmp, winfo->open_time, network_time, terminating);
 	}
 bool LogMgr::FinishedRotation(LogWriter* writer, string new_name, string old_name,
 		      double open, double close, bool terminating)
 	{
 	DBG_LOG(DBG_LOGGING, "Finished rotating %s at %.6f, new name %s",
 		writer->Path().c_str(), network_time, new_name.c_str());
 	WriterInfo* winfo = FindWriter(writer);
 	assert(winfo);
 	RecordVal* rc =
 		LookupRotationControl(winfo->type, winfo->writer->Path());
 	assert(rc);
 	// Create the RotationInfo record.
 	RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo);
 	info->Assign(0, winfo->type->Ref());
 	info->Assign(1, new StringVal(new_name.c_str()));
 	info->Assign(2, new StringVal(winfo->writer->Path().c_str()));
 	info->Assign(3, new Val(open, TYPE_TIME));
 	info->Assign(4, new Val(close, TYPE_TIME));
 	info->Assign(5, new Val(terminating, TYPE_BOOL));
 	int idx = rc->Type()->AsRecordType()->FieldOffset("postprocessor");
 	assert(idx >= 0);
-	string rotation_postprocessor =
+	Val* func = rc->Lookup(idx);
-		rc->LookupWithDefault(idx)->AsString()->CheckString();
+	if ( ! func )
-
+		{
-	val_list vl(1);
+		ID* id = global_scope()->Lookup("Log::__default_rotation_postprocessor");
-	vl.append(info);
+		assert(id);
-	Val* result = rotation_path_func->Call(&vl);
+		func = id->ID_Val();
 	string new_path = result->AsString()->CheckString();
 	Unref(result);
 	winfo->writer->Rotate(new_path, rotation_postprocessor,
 			      winfo->open_time, network_time, terminating);
 		}
 	assert(func);
 	// Call the postprocessor function.
 	val_list vl(1);
 	vl.append(info);
 	Val* v = func->AsFunc()->Call(&vl);
 	int result = v->AsBool();
 	Unref(v);
 	return result;
 	}
--- a/src/LogMgr.h
+++ b/src/LogMgr.h
@ -103,6 +103,10 @@ protected:
 	//// Functions safe to use by writers.
 	// Signals that a file has been rotated.
 	bool FinishedRotation(LogWriter* writer, string new_name, string old_name,
 			      double open, double close, bool terminating);
 	// Reports an error for the given writer.
 	void Error(LogWriter* writer, const char* msg);
@ -127,6 +131,7 @@ private:
 	void Rotate(WriterInfo* info);
 	RecordVal* LookupRotationControl(EnumVal* writer, string path);
 	Filter* FindFilter(EnumVal* id, StringVal* filter);
 	WriterInfo* FindWriter(LogWriter* writer);
 	vector<Stream *> streams;	// Indexed by stream enum.
 };
--- a/src/LogWriter.cc
+++ b/src/LogWriter.cc
@ -89,10 +89,10 @@ bool LogWriter::SetBuf(bool enabled)
 	return true;
 	}
-bool LogWriter::Rotate(string rotated_path, string postprocessor, double open,
+bool LogWriter::Rotate(string rotated_path, double open,
 		       double close, bool terminating)
 	{
-	if ( ! DoRotate(rotated_path, postprocessor, open, close, terminating) )
+	if ( ! DoRotate(rotated_path, open, close, terminating) )
 		{
 		disabled = true;
 		return false;
@ -151,42 +151,8 @@ void LogWriter::DeleteVals(LogVal** vals)
 	log_mgr->DeleteVals(num_fields, vals);
 	}
-bool LogWriter::RunPostProcessor(string fname, string postprocessor,
+bool LogWriter::FinishedRotation(string new_name, string old_name, double open,
-				 string old_name, double open, double close,
+				 double close, bool terminating)
 				 bool terminating)
 	{
-	// This function operates in a way that is backwards-compatible with
+	return log_mgr->FinishedRotation(this, new_name, old_name, open, close, terminating);
 	// the old Bro log rotation scheme.
 	if ( ! postprocessor.size() )
 		return true;
 	const char* const fmt = "%y-%m-%d_%H.%M.%S";
 	struct tm tm1;
 	struct tm tm2;
 	time_t tt1 = (time_t)open;
 	time_t tt2 = (time_t)close;
 	localtime_r(&tt1, &tm1);
 	localtime_r(&tt2, &tm2);
 	char buf1[128];
 	char buf2[128];
 	strftime(buf1, sizeof(buf1), fmt, &tm1);
 	strftime(buf2, sizeof(buf2), fmt, &tm2);
 	string cmd = postprocessor;
 	cmd += " " + fname;
 	cmd += " " + old_name;
 	cmd += " " + string(buf1);
 	cmd += " " + string(buf2);
 	cmd += " " + string(terminating ? "1" : "0");
 	cmd += " &";
 	system(cmd.c_str());
 	return true;
 	}
--- a/src/LogWriter.h
+++ b/src/LogWriter.h
@ -60,8 +60,7 @@ public:
 	// Triggers rotation, if the writer supports that. (If not, it will
 	// be ignored).
-	bool Rotate(string rotated_path, string postprocessor, double open,
+	bool Rotate(string rotated_path, double open, double close, bool terminating);
 		    double close, bool terminating);
 	// Finishes writing to this logger regularly. Must not be called if
 	// an error has been indicated earlier. After calling this, no
@ -77,7 +76,6 @@ public:
 	const LogField* const * Fields() const	{ return fields; }
 protected:
 	// Methods for writers to override. If any of these returs false, it
 	// will be assumed that a fatal error has occured that prevents the
 	// writer from further operation. It will then be disabled and
@ -117,18 +115,17 @@ protected:
 	// current file and open a new one.  However, a writer may also
 	// trigger other apppropiate actions if semantics are similar.
 	// 
 	// Once rotation has finished, the implementation should call
 	// RotationDone() to signal the log manager that potential
 	// postprocessors can now run.
 	//
 	// "rotate_path" reflects the path to where the rotated output is to
 	// be moved, with specifics depending on the writer. It should
 	// generally be interpreted in a way consistent with that of "path"
 	// as passed into DoInit(). As an example, for file-based output, 
 	// "rotate_path" could be the original filename extended with a
 	// timestamp indicating the time of the rotation.
-
+	// 
 	// "postprocessor" is the name of a command to execute on the rotated
 	// file. If empty, no postprocessing should take place; if given but
 	// the writer doesn't support postprocessing, it can be ignored (but
 	// the method must still return true in that case).
 	// "open" and "close" are the network time's when the *current* file
 	// was opened and closed, respectively.
 	//
@ -138,8 +135,8 @@ protected:
 	//
 	// A writer may ignore rotation requests if it doesn't fit with its
 	// semantics (but must still return true in that case).
-	virtual bool DoRotate(string rotated_path, string postprocessor,
+	virtual bool DoRotate(string rotated_path, double open, double close,
-			      double open, double close, bool terminating) = 0;
+			      bool terminating) = 0;
 	// Called once on termination. Not called when any of the other
 	// methods has previously signaled an error, i.e., executing this
@ -157,11 +154,18 @@ protected:
 	// Reports an error to the user.
 	void Error(const char *msg);
-	// Runs a post-processor on the given file. Parameters correspond to
+	// Signals to the log manager that a file has been rotated.
-	// those of DoRotate(). 
+	//
-	bool RunPostProcessor(string fname, string postprocessor,
+	// new_name: The filename of the rotated file. old_name: The filename
-			      string old_name, double open, double close,
+	// of the origina file.
-			      bool terminating);
+	//
 	// open/close: The timestamps when the original file was opened and
 	// closed, respectively.
 	//
 	// terminating: True if rotation request occured due to the main Bro
 	// process shutting down.
 	bool FinishedRotation(string new_name, string old_name, double open,
 			      double close, bool terminating);
 private:
 	friend class LogMgr;
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@ -242,7 +242,7 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields,
 	return true;
 	}
-bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open,
+bool LogWriterAscii::DoRotate(string rotated_path, double open,
 			      double close, bool terminating)
 	{
 	if ( IsSpecial(Path()) )
@ -254,10 +254,8 @@ bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double
 	string nname = rotated_path + ".log";
 	rename(fname.c_str(), nname.c_str());
-	if ( postprocessor.size() &&
+	if ( ! FinishedRotation(nname, fname, open, close, terminating) )
-	     ! RunPostProcessor(nname, postprocessor, fname.c_str(),
+		Error(Fmt("error rotating %s to %s", fname.c_str(), nname.c_str()));
 				open, close, terminating) )
 		return false;
 	return DoInit(Path(), NumFields(), Fields());
 	}
--- a/src/LogWriterAscii.h
+++ b/src/LogWriterAscii.h
@ -20,8 +20,8 @@ protected:
 	virtual bool DoWrite(int num_fields, const LogField* const * fields,
 			     LogVal** vals);
 	virtual bool DoSetBuf(bool enabled);
-	virtual bool DoRotate(string rotated_path, string postprocessr,
+	virtual bool DoRotate(string rotated_path, double open, double close,
-			      double open, double close, bool terminating);
+			      bool terminating);
 	virtual bool DoFlush();
 	virtual void DoFinish();
--- a/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out
+++ b/testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out
@ -1,33 +1,33 @@
-1st test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
+1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
-1st test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0
+1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
-1st test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0
+1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
-1st test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0
+1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
-1st test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0
+1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
-1st test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0
+1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
-1st test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0
+1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
-1st test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0
+1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
-1st test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0
+1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
-1st test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1
+1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
-2nd test2-11-03-07_03.00.05.log test2.log 11-03-07_03.00.05 11-03-07_03.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.00.05.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F]
-2nd test2-11-03-07_03.59.55.log test2.log 11-03-07_03.59.55 11-03-07_04.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.59.55.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F]
-2nd test2-11-03-07_04.00.05.log test2.log 11-03-07_04.00.05 11-03-07_04.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.00.05.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F]
-2nd test2-11-03-07_04.59.55.log test2.log 11-03-07_04.59.55 11-03-07_05.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.59.55.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F]
-2nd test2-11-03-07_05.00.05.log test2.log 11-03-07_05.00.05 11-03-07_05.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.00.05.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F]
-2nd test2-11-03-07_05.59.55.log test2.log 11-03-07_05.59.55 11-03-07_06.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.59.55.log, path=test2, open=1299477595.0, close=1299477605.0, terminating=F]
-2nd test2-11-03-07_06.00.05.log test2.log 11-03-07_06.00.05 11-03-07_06.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.00.05.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F]
-2nd test2-11-03-07_06.59.55.log test2.log 11-03-07_06.59.55 11-03-07_07.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.59.55.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F]
-2nd test2-11-03-07_07.00.05.log test2.log 11-03-07_07.00.05 11-03-07_07.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.00.05.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F]
-2nd test2-11-03-07_07.59.55.log test2.log 11-03-07_07.59.55 11-03-07_08.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.59.55.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F]
-2nd test2-11-03-07_08.00.05.log test2.log 11-03-07_08.00.05 11-03-07_08.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.00.05.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F]
-2nd test2-11-03-07_08.59.55.log test2.log 11-03-07_08.59.55 11-03-07_09.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.59.55.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F]
-2nd test2-11-03-07_09.00.05.log test2.log 11-03-07_09.00.05 11-03-07_09.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.00.05.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F]
-2nd test2-11-03-07_09.59.55.log test2.log 11-03-07_09.59.55 11-03-07_10.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.59.55.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F]
-2nd test2-11-03-07_10.00.05.log test2.log 11-03-07_10.00.05 11-03-07_10.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.00.05.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F]
-2nd test2-11-03-07_10.59.55.log test2.log 11-03-07_10.59.55 11-03-07_11.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.59.55.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F]
-2nd test2-11-03-07_11.00.05.log test2.log 11-03-07_11.00.05 11-03-07_11.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F]
-2nd test2-11-03-07_11.59.55.log test2.log 11-03-07_11.59.55 11-03-07_12.00.05 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F]
-2nd test2-11-03-07_12.00.05.log test2.log 11-03-07_12.00.05 11-03-07_12.59.55 0
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
-2nd test2-11-03-07_12.59.55.log test2.log 11-03-07_12.59.55 11-03-07_12.59.55 1
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024
 1299470395.000000	10.0.0.2	20	10.0.0.3	0
@ -49,16 +49,16 @@
 1299499195.000000	10.0.0.2	20	10.0.0.3	8
 1299499205.000000	10.0.0.1	20	10.0.0.2	1033
 1299502795.000000	10.0.0.2	20	10.0.0.3	9
-> test-11-03-07_03.00.05.log
+> test.2011-03-07-03-00-05.log
-> test-11-03-07_04.00.05.log
+> test.2011-03-07-04-00-05.log
-> test-11-03-07_05.00.05.log
+> test.2011-03-07-05-00-05.log
-> test-11-03-07_06.00.05.log
+> test.2011-03-07-06-00-05.log
-> test-11-03-07_07.00.05.log
+> test.2011-03-07-07-00-05.log
-> test-11-03-07_08.00.05.log
+> test.2011-03-07-08-00-05.log
-> test-11-03-07_09.00.05.log
+> test.2011-03-07-09-00-05.log
-> test-11-03-07_10.00.05.log
+> test.2011-03-07-10-00-05.log
-> test-11-03-07_11.00.05.log
+> test.2011-03-07-11-00-05.log
-> test-11-03-07_12.00.05.log
+> test.2011-03-07-12-00-05.log
 > test.log
 > test2-11-03-07_03.00.05.log
 > test2-11-03-07_03.59.55.log
--- a/testing/btest/Baseline/policy.frameworks.logging.rotate/out
+++ b/testing/btest/Baseline/policy.frameworks.logging.rotate/out
@ -1,50 +1,50 @@
-test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
+test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
-test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0
+test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
-test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0
+test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
-test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0
+test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
-test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0
+test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
-test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0
+test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
-test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0
+test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
-test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0
+test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
-test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0
+test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
-test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1
+test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
-> test-11-03-07_03.00.05.log
+> test.2011-03-07-03-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024
 1299470395.000000	10.0.0.2	20	10.0.0.3	0
-> test-11-03-07_04.00.05.log
+> test.2011-03-07-04-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299470405.000000	10.0.0.1	20	10.0.0.2	1025
 1299473995.000000	10.0.0.2	20	10.0.0.3	1
-> test-11-03-07_05.00.05.log
+> test.2011-03-07-05-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299474005.000000	10.0.0.1	20	10.0.0.2	1026
 1299477595.000000	10.0.0.2	20	10.0.0.3	2
-> test-11-03-07_06.00.05.log
+> test.2011-03-07-06-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299477605.000000	10.0.0.1	20	10.0.0.2	1027
 1299481195.000000	10.0.0.2	20	10.0.0.3	3
-> test-11-03-07_07.00.05.log
+> test.2011-03-07-07-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299481205.000000	10.0.0.1	20	10.0.0.2	1028
 1299484795.000000	10.0.0.2	20	10.0.0.3	4
-> test-11-03-07_08.00.05.log
+> test.2011-03-07-08-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299484805.000000	10.0.0.1	20	10.0.0.2	1029
 1299488395.000000	10.0.0.2	20	10.0.0.3	5
-> test-11-03-07_09.00.05.log
+> test.2011-03-07-09-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299488405.000000	10.0.0.1	20	10.0.0.2	1030
 1299491995.000000	10.0.0.2	20	10.0.0.3	6
-> test-11-03-07_10.00.05.log
+> test.2011-03-07-10-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299492005.000000	10.0.0.1	20	10.0.0.2	1031
 1299495595.000000	10.0.0.2	20	10.0.0.3	7
-> test-11-03-07_11.00.05.log
+> test.2011-03-07-11-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299495605.000000	10.0.0.1	20	10.0.0.2	1032
 1299499195.000000	10.0.0.2	20	10.0.0.3	8
-> test-11-03-07_12.00.05.log
+> test.2011-03-07-12-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299499205.000000	10.0.0.1	20	10.0.0.2	1033
 1299502795.000000	10.0.0.2	20	10.0.0.3	9
--- a/testing/btest/policy/frameworks/logging/rotate-custom.bro
+++ b/testing/btest/policy/frameworks/logging/rotate-custom.bro
@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT | egrep "test|test2" | sort >out
+# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | egrep "test|test2" | sort >out
 # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out
 # @TEST-EXEC: btest-diff out
@ -18,10 +18,16 @@ export {
 }
 redef Log::default_rotation_interval = 1hr;
-redef Log::default_rotation_postprocessor = "echo 1st";
+redef Log::default_rotation_postprocessor_cmd = "echo 1st";
 function custom_rotate(info: Log::RotationInfo) : bool
 {
    print "custom rotate", info;
    return T;
 }
 redef Log::rotation_control += {
-	[Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor="echo 2nd"]
+	[Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor=custom_rotate]
 };
 event bro_init()
--- a/testing/btest/policy/frameworks/logging/rotate.bro
+++ b/testing/btest/policy/frameworks/logging/rotate.bro
@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT | grep "test" >out
+# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT 2>&1 | grep "test" >out
-# @TEST-EXEC: for i in test-*.log; do printf '> %s\n' $i; cat $i; done >>out
+# @TEST-EXEC: for i in test.*.log; do printf '> %s\n' $i; cat $i; done >>out
 # @TEST-EXEC: btest-diff out
 module Test;
@ -18,7 +18,7 @@ export {
 }
 redef Log::default_rotation_interval = 1hr;
-redef Log::default_rotation_postprocessor = "echo";
+redef Log::default_rotation_postprocessor_cmd = "echo";
 event bro_init()
 {
		`@ -1 +1 @@`
			`Subproject commit 4fc13f7c6987b4163609e3df7a31f38501411cb7`				`Subproject commit 7cdd9c39d97c2984293fbe4a6dbe9ac0b33ecbfa`