Merge branch 'topic/robin/rotation-pp'

* topic/robin/rotation-pp:
  Adding a default_path_func that makes the default naming scheme script-level controlled.
  Reworking logging's postprocessor logic.

Conflicts:
	scripts/base/frameworks/logging/main.bro
	testing/btest/policy/frameworks/logging/rotate-custom.bro

aux/binpac

@@ -1 +1 @@
-Subproject commit 4fc13f7c6987b4163609e3df7a31f38501411cb7
+Subproject commit 7cdd9c39d97c2984293fbe4a6dbe9ac0b33ecbfa

scripts/base/frameworks/cluster/nodes/manager.bro

@@ -14,7 +14,7 @@
 redef Log::enable_remote_logging = F;
 
 ## Use the cluster's archive logging script.
-redef Log::default_rotation_postprocessor = "archive-log";
+redef Log::default_rotation_postprocessor_cmd = "archive-log";
 
 ## We're processing essentially *only* remote events.
 redef max_remote_events_processed = 10000;

scripts/base/frameworks/cluster/nodes/proxy.bro

@@ -12,5 +12,5 @@ redef Log::enable_local_logging = F;
 redef Log::enable_remote_logging = T;
 
 ## Use the cluster's delete-log script.
-redef Log::default_rotation_postprocessor = "delete-log";
+redef Log::default_rotation_postprocessor_cmd = "delete-log";
 

scripts/base/frameworks/cluster/nodes/worker.bro

@@ -8,7 +8,7 @@ redef Log::enable_local_logging = F;
 redef Log::enable_remote_logging = T;
 
 ## Use the cluster's delete-log script.
-redef Log::default_rotation_postprocessor = "delete-log";
+redef Log::default_rotation_postprocessor_cmd = "delete-log";
 
 ## Record all packets into trace file.
 # TODO: should we really be setting this to T?

scripts/base/frameworks/logging/main.bro

@@ -27,6 +27,17 @@ export {
 		ev: any &optional;
 	};
 
+	## Default function for building the path values for log filters if not
+	## speficied otherwise by a filter. The default implementation uses ``id``
+	## to derive a name.
+	##
+	## id: The log stream.
+	## path: A suggested path value, which may be either the filter's ``path``
+	## if defined or a fall-back generated internally.
+	##
+	## Returns: The path to be used for the filter.
+	global default_path_func: function(id: ID, path: string) : string &redef;
+
 	## Filter customizing logging.
 	type Filter: record {
 		## Descriptive name to reference this filter.
@@ -81,36 +92,34 @@ export {
 
 	## Information passed into rotation callback functions.
 	type RotationInfo: record {
-		writer: Writer;	##< Writer.
-		path: string;	##< Original path value.
-		open: time;	##< Time when opened.
-		close: time;	##< Time when closed.
+		writer: Writer;		##< Writer.
+		fname: string;		##< Full name of the rotated file.
+		path: string;		##< Original path value.
+		open: time;			##< Time when opened.
+		close: time;		##< Time when closed.
+		terminating: bool;	##< True if rotation occured due to Bro shutting down.
 	};
 
 	## Default rotation interval. Zero disables rotation.
 	const default_rotation_interval = 0secs &redef;
 
-	## Default naming suffix format. Uses a strftime() style.
-	const default_rotation_date_format = "%y-%m-%d_%H.%M.%S" &redef;
+	## Default naming format for timestamps embedded into filenames. Uses a strftime() style.
+	const default_rotation_date_format = "%Y-%m-%d-%H-%M-%S" &redef;
 
-	## Default postprocessor for writers outputting into files.
-	const default_rotation_postprocessor = "" &redef;
+	## Default shell command to run on rotated files. Empty for none.
+	const default_rotation_postprocessor_cmd = "" &redef;
 
-	## Default function to construct the name of a rotated output file.
-	## The default implementation appends info$date_fmt to the original
-	## file name.
-	##
-	## info: Meta-data about the file to be rotated.
-	global default_rotation_path_func: function(info: RotationInfo) : string &redef;
+	## Specifies the default postprocessor function per writer type. Entries in this
+	## table are initialized by each writer type.
+	const default_rotation_postprocessors: table[Writer] of function(info: RotationInfo) : bool &redef;
 
 	## Type for controlling file rotation.
 	type RotationControl: record  {
 		## Rotation interval.
 		interv: interval &default=default_rotation_interval;
-		## Format for timestamps embedded into rotated file names.
-		date_fmt: string &default=default_rotation_date_format;
-		## Postprocessor process to run on rotate file.
-		postprocessor: string &default=default_rotation_postprocessor;
+		## Callback function to trigger for rotated files. If not set, the default
+		## comes out of default_rotation_postprocessors.
+		postprocessor: function(info: RotationInfo) : bool &optional;
 	};
 
 	## Specifies rotation parameters per ``(id, path)`` tuple.
@@ -133,6 +142,8 @@ export {
 	global flush: function(id: ID): bool;
 	global add_default_filter: function(id: ID) : bool;
 	global remove_default_filter: function(id: ID) : bool;
+
+	global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool;
 }
 
 # We keep a script-level copy of all filters so that we can manipulate them.
@@ -140,10 +151,39 @@ global filters: table[ID, string] of Filter;
 
 @load logging.bif.bro # Needs Filter and Stream defined.
 
-function default_rotation_path_func(info: RotationInfo) : string
+module Log;
+
+# Used internally by the log manager.
+function __default_rotation_postprocessor(info: RotationInfo) : bool
 	{
-	local date_fmt = rotation_control[info$writer, info$path]$date_fmt;
-	return fmt("%s-%s", info$path, strftime(date_fmt, info$open));
+	if ( info$writer in default_rotation_postprocessors )
+		return default_rotation_postprocessors[info$writer](info);
+	}
+
+function default_path_func(id: ID, path: string) : string
+	{
+	# TODO for Seth: Do what you want. :)
+	return path;
+	}
+
+# Run post-processor on file. If there isn't any postprocessor defined,
+# we move the file to a nicer name.
+function run_rotation_postprocessor_cmd(info: RotationInfo, npath: string) : bool
+	{
+	local pp_cmd = default_rotation_postprocessor_cmd;
+
+	if ( pp_cmd == "" )
+		return T;
+
+	# The date format is hard-coded here to provide a standardized
+	# script interface.
+	system(fmt("%s %s %s %s %s %d",
+               pp_cmd, npath, info$path,
+               strftime("%y-%m-%d_%H.%M.%S", info$open),
+               strftime("%y-%m-%d_%H.%M.%S", info$close),
+               info$terminating));
+
+	return T;
 	}
 
 function create_stream(id: ID, stream: Stream) : bool
@@ -162,6 +202,12 @@ function disable_stream(id: ID) : bool
 
 function add_filter(id: ID, filter: Filter) : bool
 	{
+	# This is a work-around for the fact that we can't forward-declare
+	# the default_path_func and then use it as &default in the record
+	# definition.
+	if ( ! filter?$path_func )
+		filter$path_func = default_path_func;
+
 	filters[id, filter$name] = filter;
 	return __add_filter(id, filter);
 	}

scripts/base/frameworks/logging/writers/ascii.bro

@@ -26,4 +26,19 @@ export {
 	const unset_field = "-" &redef;
 }
 
+# Default function to postprocess a rotated ASCII log file. It moves the rotated
+# file to a new name that includes a timestamp with the opening time, and then
+# runs the writer's default postprocessor command on it.
+function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool
+	{
+	# Move file to name including both opening and closing time.
+	local dst = fmt("%s.%s.log", info$path,
+			strftime(Log::default_rotation_date_format, info$open));
 
+	system(fmt("/bin/mv %s %s", info$fname, dst));
+
+	# Run default postprocessor.
+	return Log::run_rotation_postprocessor_cmd(info, dst);
+	}
+
+redef Log::default_rotation_postprocessors += { [Log::WRITER_ASCII] = default_rotation_postprocessor_func };

src/LogMgr.cc

@@ -433,6 +433,25 @@ LogMgr::Stream* LogMgr::FindStream(EnumVal* id)
 	return streams[idx];
 	}
 
+LogMgr::WriterInfo* LogMgr::FindWriter(LogWriter* writer)
+	{
+	for ( vector<Stream *>::iterator s = streams.begin(); s != streams.end(); ++s )
+		{
+		if ( ! *s )
+			continue;
+
+		for ( Stream::WriterMap::iterator i = (*s)->writers.begin(); i != (*s)->writers.end(); i++ )
+			{
+			WriterInfo* winfo = i->second;
+
+			if ( winfo->writer == writer )
+				return winfo;
+			}
+		}
+
+	return 0;
+	}
+
 void LogMgr::RemoveDisabledWriters(Stream* stream)
 	{
 	list<Stream::WriterPathPair> disabled;
@@ -1411,6 +1430,8 @@ void LogMgr::InstallRotationTimer(WriterInfo* winfo)
 	RecordVal* rc =
 		LookupRotationControl(winfo->type, winfo->writer->Path());
 
+	assert(rc);
+
 	int idx = rc->Type()->AsRecordType()->FieldOffset("interv");
 	double rotation_interval = rc->LookupWithDefault(idx)->AsInterval();
 
@@ -1448,34 +1469,63 @@ void LogMgr::Rotate(WriterInfo* winfo)
 	DBG_LOG(DBG_LOGGING, "Rotating %s at %.6f",
 		winfo->writer->Path().c_str(), network_time);
 
-	// Create the RotationInfo record.
-	RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo);
-	info->Assign(0, winfo->type->Ref());
-	info->Assign(1, new StringVal(winfo->writer->Path().c_str()));
-	info->Assign(2, new Val(winfo->open_time, TYPE_TIME));
-	info->Assign(3, new Val(network_time, TYPE_TIME));
+	// Build a temporary path for the writer to move the file to.
+	struct tm tm;
+	char buf[128];
+	const char* const date_fmt = "%y-%m-%d_%H.%M.%S";
+	time_t teatime = (time_t)winfo->open_time;
 
-	// Call the function building us the new path.
+	localtime_r(&teatime, &tm);
+	strftime(buf, sizeof(buf), date_fmt, &tm);
 
-	Func* rotation_path_func =
-		internal_func("Log::default_rotation_path_func");
+	string tmp = string(fmt("%s-%s", winfo->writer->Path().c_str(), buf));
+
+	// Trigger the rotation.
+	winfo->writer->Rotate(tmp, winfo->open_time, network_time, terminating);
+	}
+
+bool LogMgr::FinishedRotation(LogWriter* writer, string new_name, string old_name,
+		      double open, double close, bool terminating)
+	{
+	DBG_LOG(DBG_LOGGING, "Finished rotating %s at %.6f, new name %s",
+		writer->Path().c_str(), network_time, new_name.c_str());
+
+	WriterInfo* winfo = FindWriter(writer);
+	assert(winfo);
 
 	RecordVal* rc =
 		LookupRotationControl(winfo->type, winfo->writer->Path());
 
+	assert(rc);
+
+	// Create the RotationInfo record.
+	RecordVal* info = new RecordVal(BifType::Record::Log::RotationInfo);
+	info->Assign(0, winfo->type->Ref());
+	info->Assign(1, new StringVal(new_name.c_str()));
+	info->Assign(2, new StringVal(winfo->writer->Path().c_str()));
+	info->Assign(3, new Val(open, TYPE_TIME));
+	info->Assign(4, new Val(close, TYPE_TIME));
+	info->Assign(5, new Val(terminating, TYPE_BOOL));
+
 	int idx = rc->Type()->AsRecordType()->FieldOffset("postprocessor");
+	assert(idx >= 0);
 
-	string rotation_postprocessor =
-		rc->LookupWithDefault(idx)->AsString()->CheckString();
+	Val* func = rc->Lookup(idx);
+	if ( ! func )
+		{
+		ID* id = global_scope()->Lookup("Log::__default_rotation_postprocessor");
+		assert(id);
+		func = id->ID_Val();
+		}
 
+	assert(func);
+
+	// Call the postprocessor function.
 	val_list vl(1);
 	vl.append(info);
-	Val* result = rotation_path_func->Call(&vl);
-	string new_path = result->AsString()->CheckString();
-	Unref(result);
-
-	winfo->writer->Rotate(new_path, rotation_postprocessor,
-			      winfo->open_time, network_time, terminating);
+	Val* v = func->AsFunc()->Call(&vl);
+	int result = v->AsBool();
+	Unref(v);
+	return result;
 	}
 
-

src/LogMgr.h

@@ -103,6 +103,10 @@ protected:
 
 	//// Functions safe to use by writers.
 
+	// Signals that a file has been rotated.
+	bool FinishedRotation(LogWriter* writer, string new_name, string old_name,
+			      double open, double close, bool terminating);
+
 	// Reports an error for the given writer.
 	void Error(LogWriter* writer, const char* msg);
 
@@ -127,6 +131,7 @@ private:
 	void Rotate(WriterInfo* info);
 	RecordVal* LookupRotationControl(EnumVal* writer, string path);
 	Filter* FindFilter(EnumVal* id, StringVal* filter);
+	WriterInfo* FindWriter(LogWriter* writer);
 
 	vector<Stream *> streams;	// Indexed by stream enum.
 };

src/LogWriter.cc

@@ -89,10 +89,10 @@ bool LogWriter::SetBuf(bool enabled)
 	return true;
 	}
 
-bool LogWriter::Rotate(string rotated_path, string postprocessor, double open,
+bool LogWriter::Rotate(string rotated_path, double open,
 		       double close, bool terminating)
 	{
-	if ( ! DoRotate(rotated_path, postprocessor, open, close, terminating) )
+	if ( ! DoRotate(rotated_path, open, close, terminating) )
 		{
 		disabled = true;
 		return false;
@@ -151,42 +151,8 @@ void LogWriter::DeleteVals(LogVal** vals)
 	log_mgr->DeleteVals(num_fields, vals);
 	}
 
-bool LogWriter::RunPostProcessor(string fname, string postprocessor,
-				 string old_name, double open, double close,
-				 bool terminating)
+bool LogWriter::FinishedRotation(string new_name, string old_name, double open,
+				 double close, bool terminating)
 	{
-	// This function operates in a way that is backwards-compatible with
-	// the old Bro log rotation scheme.
-
-	if ( ! postprocessor.size() )
-		return true;
-
-	const char* const fmt = "%y-%m-%d_%H.%M.%S";
-
-	struct tm tm1;
-	struct tm tm2;
-
-	time_t tt1 = (time_t)open;
-	time_t tt2 = (time_t)close;
-
-	localtime_r(&tt1, &tm1);
-	localtime_r(&tt2, &tm2);
-
-	char buf1[128];
-	char buf2[128];
-
-	strftime(buf1, sizeof(buf1), fmt, &tm1);
-	strftime(buf2, sizeof(buf2), fmt, &tm2);
-
-	string cmd = postprocessor;
-	cmd += " " + fname;
-	cmd += " " + old_name;
-	cmd += " " + string(buf1);
-	cmd += " " + string(buf2);
-	cmd += " " + string(terminating ? "1" : "0");
-	cmd += " &";
-
-	system(cmd.c_str());
-
-	return true;
+	return log_mgr->FinishedRotation(this, new_name, old_name, open, close, terminating);
 	}

src/LogWriter.h

@@ -60,8 +60,7 @@ public:
 
 	// Triggers rotation, if the writer supports that. (If not, it will
 	// be ignored).
-	bool Rotate(string rotated_path, string postprocessor, double open,
-		    double close, bool terminating);
+	bool Rotate(string rotated_path, double open, double close, bool terminating);
 
 	// Finishes writing to this logger regularly. Must not be called if
 	// an error has been indicated earlier. After calling this, no
@@ -77,7 +76,6 @@ public:
 	const LogField* const * Fields() const	{ return fields; }
 
 protected:
-
 	// Methods for writers to override. If any of these returs false, it
 	// will be assumed that a fatal error has occured that prevents the
 	// writer from further operation. It will then be disabled and
@@ -117,18 +115,17 @@ protected:
 	// current file and open a new one.  However, a writer may also
 	// trigger other apppropiate actions if semantics are similar.
 	// 
+	// Once rotation has finished, the implementation should call
+	// RotationDone() to signal the log manager that potential
+	// postprocessors can now run.
+	//
 	// "rotate_path" reflects the path to where the rotated output is to
 	// be moved, with specifics depending on the writer. It should
 	// generally be interpreted in a way consistent with that of "path"
 	// as passed into DoInit(). As an example, for file-based output, 
 	// "rotate_path" could be the original filename extended with a
 	// timestamp indicating the time of the rotation.
-
-	// "postprocessor" is the name of a command to execute on the rotated
-	// file. If empty, no postprocessing should take place; if given but
-	// the writer doesn't support postprocessing, it can be ignored (but
-	// the method must still return true in that case).
-
+	// 
 	// "open" and "close" are the network time's when the *current* file
 	// was opened and closed, respectively.
 	//
@@ -138,8 +135,8 @@ protected:
 	//
 	// A writer may ignore rotation requests if it doesn't fit with its
 	// semantics (but must still return true in that case).
-	virtual bool DoRotate(string rotated_path, string postprocessor,
-			      double open, double close, bool terminating) = 0;
+	virtual bool DoRotate(string rotated_path, double open, double close,
+			      bool terminating) = 0;
 
 	// Called once on termination. Not called when any of the other
 	// methods has previously signaled an error, i.e., executing this
@@ -157,11 +154,18 @@ protected:
 	// Reports an error to the user.
 	void Error(const char *msg);
 
-	// Runs a post-processor on the given file. Parameters correspond to
-	// those of DoRotate(). 
-	bool RunPostProcessor(string fname, string postprocessor,
-			      string old_name, double open, double close,
-			      bool terminating);
+	// Signals to the log manager that a file has been rotated.
+	//
+	// new_name: The filename of the rotated file. old_name: The filename
+	// of the origina file.
+	//
+	// open/close: The timestamps when the original file was opened and
+	// closed, respectively.
+	//
+	// terminating: True if rotation request occured due to the main Bro
+	// process shutting down.
+	bool FinishedRotation(string new_name, string old_name, double open,
+			      double close, bool terminating);
 
 private:
 	friend class LogMgr;

src/LogWriterAscii.cc

@@ -242,7 +242,7 @@ bool LogWriterAscii::DoWrite(int num_fields, const LogField* const * fields,
 	return true;
 	}
 
-bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double open,
+bool LogWriterAscii::DoRotate(string rotated_path, double open,
 			      double close, bool terminating)
 	{
 	if ( IsSpecial(Path()) )
@@ -254,10 +254,8 @@ bool LogWriterAscii::DoRotate(string rotated_path, string postprocessor, double
 	string nname = rotated_path + ".log";
 	rename(fname.c_str(), nname.c_str());
 
-	if ( postprocessor.size() &&
-	     ! RunPostProcessor(nname, postprocessor, fname.c_str(),
-				open, close, terminating) )
-		return false;
+	if ( ! FinishedRotation(nname, fname, open, close, terminating) )
+		Error(Fmt("error rotating %s to %s", fname.c_str(), nname.c_str()));
 
 	return DoInit(Path(), NumFields(), Fields());
 	}

src/LogWriterAscii.h

@@ -20,8 +20,8 @@ protected:
 	virtual bool DoWrite(int num_fields, const LogField* const * fields,
 			     LogVal** vals);
 	virtual bool DoSetBuf(bool enabled);
-	virtual bool DoRotate(string rotated_path, string postprocessr,
-			      double open, double close, bool terminating);
+	virtual bool DoRotate(string rotated_path, double open, double close,
+			      bool terminating);
 	virtual bool DoFlush();
 	virtual void DoFinish();
 

testing/btest/Baseline/policy.frameworks.logging.rotate-custom/out

@@ -1,33 +1,33 @@
-1st test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
-1st test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0
-1st test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0
-1st test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0
-1st test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0
-1st test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0
-1st test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0
-1st test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0
-1st test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0
-1st test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1
-2nd test2-11-03-07_03.00.05.log test2.log 11-03-07_03.00.05 11-03-07_03.59.55 0
-2nd test2-11-03-07_03.59.55.log test2.log 11-03-07_03.59.55 11-03-07_04.00.05 0
-2nd test2-11-03-07_04.00.05.log test2.log 11-03-07_04.00.05 11-03-07_04.59.55 0
-2nd test2-11-03-07_04.59.55.log test2.log 11-03-07_04.59.55 11-03-07_05.00.05 0
-2nd test2-11-03-07_05.00.05.log test2.log 11-03-07_05.00.05 11-03-07_05.59.55 0
-2nd test2-11-03-07_05.59.55.log test2.log 11-03-07_05.59.55 11-03-07_06.00.05 0
-2nd test2-11-03-07_06.00.05.log test2.log 11-03-07_06.00.05 11-03-07_06.59.55 0
-2nd test2-11-03-07_06.59.55.log test2.log 11-03-07_06.59.55 11-03-07_07.00.05 0
-2nd test2-11-03-07_07.00.05.log test2.log 11-03-07_07.00.05 11-03-07_07.59.55 0
-2nd test2-11-03-07_07.59.55.log test2.log 11-03-07_07.59.55 11-03-07_08.00.05 0
-2nd test2-11-03-07_08.00.05.log test2.log 11-03-07_08.00.05 11-03-07_08.59.55 0
-2nd test2-11-03-07_08.59.55.log test2.log 11-03-07_08.59.55 11-03-07_09.00.05 0
-2nd test2-11-03-07_09.00.05.log test2.log 11-03-07_09.00.05 11-03-07_09.59.55 0
-2nd test2-11-03-07_09.59.55.log test2.log 11-03-07_09.59.55 11-03-07_10.00.05 0
-2nd test2-11-03-07_10.00.05.log test2.log 11-03-07_10.00.05 11-03-07_10.59.55 0
-2nd test2-11-03-07_10.59.55.log test2.log 11-03-07_10.59.55 11-03-07_11.00.05 0
-2nd test2-11-03-07_11.00.05.log test2.log 11-03-07_11.00.05 11-03-07_11.59.55 0
-2nd test2-11-03-07_11.59.55.log test2.log 11-03-07_11.59.55 11-03-07_12.00.05 0
-2nd test2-11-03-07_12.00.05.log test2.log 11-03-07_12.00.05 11-03-07_12.59.55 0
-2nd test2-11-03-07_12.59.55.log test2.log 11-03-07_12.59.55 11-03-07_12.59.55 1
+1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
+1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
+1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
+1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
+1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
+1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
+1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
+1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
+1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
+1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.00.05.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.59.55.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.00.05.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.59.55.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.00.05.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.59.55.log, path=test2, open=1299477595.0, close=1299477605.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.00.05.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.59.55.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.00.05.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.59.55.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.00.05.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.59.55.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.00.05.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.59.55.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.00.05.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.59.55.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
+custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024
 1299470395.000000	10.0.0.2	20	10.0.0.3	0
@@ -49,16 +49,16 @@
 1299499195.000000	10.0.0.2	20	10.0.0.3	8
 1299499205.000000	10.0.0.1	20	10.0.0.2	1033
 1299502795.000000	10.0.0.2	20	10.0.0.3	9
-> test-11-03-07_03.00.05.log
-> test-11-03-07_04.00.05.log
-> test-11-03-07_05.00.05.log
-> test-11-03-07_06.00.05.log
-> test-11-03-07_07.00.05.log
-> test-11-03-07_08.00.05.log
-> test-11-03-07_09.00.05.log
-> test-11-03-07_10.00.05.log
-> test-11-03-07_11.00.05.log
-> test-11-03-07_12.00.05.log
+> test.2011-03-07-03-00-05.log
+> test.2011-03-07-04-00-05.log
+> test.2011-03-07-05-00-05.log
+> test.2011-03-07-06-00-05.log
+> test.2011-03-07-07-00-05.log
+> test.2011-03-07-08-00-05.log
+> test.2011-03-07-09-00-05.log
+> test.2011-03-07-10-00-05.log
+> test.2011-03-07-11-00-05.log
+> test.2011-03-07-12-00-05.log
 > test.log
 > test2-11-03-07_03.00.05.log
 > test2-11-03-07_03.59.55.log

testing/btest/Baseline/policy.frameworks.logging.rotate/out

@@ -1,50 +1,50 @@
-test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
-test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0
-test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0
-test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0
-test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0
-test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0
-test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0
-test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0
-test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0
-test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1
-> test-11-03-07_03.00.05.log
+test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
+test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
+test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
+test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
+test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
+test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
+test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
+test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
+test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
+test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
+> test.2011-03-07-03-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299466805.000000	10.0.0.1	20	10.0.0.2	1024
 1299470395.000000	10.0.0.2	20	10.0.0.3	0
-> test-11-03-07_04.00.05.log
+> test.2011-03-07-04-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299470405.000000	10.0.0.1	20	10.0.0.2	1025
 1299473995.000000	10.0.0.2	20	10.0.0.3	1
-> test-11-03-07_05.00.05.log
+> test.2011-03-07-05-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299474005.000000	10.0.0.1	20	10.0.0.2	1026
 1299477595.000000	10.0.0.2	20	10.0.0.3	2
-> test-11-03-07_06.00.05.log
+> test.2011-03-07-06-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299477605.000000	10.0.0.1	20	10.0.0.2	1027
 1299481195.000000	10.0.0.2	20	10.0.0.3	3
-> test-11-03-07_07.00.05.log
+> test.2011-03-07-07-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299481205.000000	10.0.0.1	20	10.0.0.2	1028
 1299484795.000000	10.0.0.2	20	10.0.0.3	4
-> test-11-03-07_08.00.05.log
+> test.2011-03-07-08-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299484805.000000	10.0.0.1	20	10.0.0.2	1029
 1299488395.000000	10.0.0.2	20	10.0.0.3	5
-> test-11-03-07_09.00.05.log
+> test.2011-03-07-09-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299488405.000000	10.0.0.1	20	10.0.0.2	1030
 1299491995.000000	10.0.0.2	20	10.0.0.3	6
-> test-11-03-07_10.00.05.log
+> test.2011-03-07-10-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299492005.000000	10.0.0.1	20	10.0.0.2	1031
 1299495595.000000	10.0.0.2	20	10.0.0.3	7
-> test-11-03-07_11.00.05.log
+> test.2011-03-07-11-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299495605.000000	10.0.0.1	20	10.0.0.2	1032
 1299499195.000000	10.0.0.2	20	10.0.0.3	8
-> test-11-03-07_12.00.05.log
+> test.2011-03-07-12-00-05.log
 # t	id.orig_h	id.orig_p	id.resp_h	id.resp_p
 1299499205.000000	10.0.0.1	20	10.0.0.2	1033
 1299502795.000000	10.0.0.2	20	10.0.0.3	9

testing/btest/policy/frameworks/logging/rotate-custom.bro

@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT | egrep "test|test2" | sort >out
+# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | egrep "test|test2" | sort >out
 # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out
 # @TEST-EXEC: btest-diff out
 
@@ -18,10 +18,16 @@ export {
 }
 
 redef Log::default_rotation_interval = 1hr;
-redef Log::default_rotation_postprocessor = "echo 1st";
+redef Log::default_rotation_postprocessor_cmd = "echo 1st";
+
+function custom_rotate(info: Log::RotationInfo) : bool
+{
+    print "custom rotate", info;
+    return T;
+}
 
 redef Log::rotation_control += {
-	[Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor="echo 2nd"]
+	[Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor=custom_rotate]
 };
 
 event bro_init()

testing/btest/policy/frameworks/logging/rotate.bro

@@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT | grep "test" >out
-# @TEST-EXEC: for i in test-*.log; do printf '> %s\n' $i; cat $i; done >>out
+# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT 2>&1 | grep "test" >out
+# @TEST-EXEC: for i in test.*.log; do printf '> %s\n' $i; cat $i; done >>out
 # @TEST-EXEC: btest-diff out
 
 module Test;
@@ -18,7 +18,7 @@ export {
 }
 
 redef Log::default_rotation_interval = 1hr;
-redef Log::default_rotation_postprocessor = "echo";
+redef Log::default_rotation_postprocessor_cmd = "echo";
 
 event bro_init()
 {