diff --git a/policy/logging.bro b/policy/logging.bro index 36f866c91f..c5613e4ada 100644 --- a/policy/logging.bro +++ b/policy/logging.bro @@ -3,6 +3,15 @@ module Log; # Log::ID and Log::Writer are defined in bro.init due to circular dependencies. export { + # The default writer to use. + const default_writer = Log::WRITER_ASCII &redef; + + # If true, local logging is by default enabled for all filters. + const enable_local_logging = T &redef; + + # If true, remote logging is by default enabled for all filters. + const enable_remote_logging = T &redef; + # A stream defining the logging. type Stream: record { # A record type defining the log's columns. @@ -41,8 +50,14 @@ export { include: set[string] &optional; exclude: set[string] &optional; + # If true, record all log records locally. + log_local: bool &default=Log::enable_local_logging; + + # If true, pass all log records on to remote peers if they request it. + log_remote: bool &default=Log::enable_remote_logging; + # The writer to use. - writer: Writer &optional; + writer: Writer &default=Log::default_writer; }; global create_stream: function(id: Log::ID, stream: Log::Stream) : bool; @@ -59,12 +74,6 @@ export { module Log; -export { - # The default writer to use if a filter does not specify - # anything else. - const default_writer = Log::WRITER_ASCII &redef; -} - function create_stream(id: Log::ID, stream: Log::Stream) : bool { if ( ! Log::__create_stream(id, stream) ) diff --git a/src/LogMgr.cc b/src/LogMgr.cc index 828fd95a4a..ca566a84b3 100644 --- a/src/LogMgr.cc +++ b/src/LogMgr.cc @@ -27,6 +27,8 @@ struct LogMgr::Filter { string path; Val* path_val; EnumVal* writer; + bool local; + bool remote; int num_fields; LogField** fields; 
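Review bot: The comment on `default_writer` lost half its meaning in the move: the block removed in the `@@ -59,12 +74,6 @@` hunk said "The default writer to use if a filter does not specify anything else", while the new line in the first hunk only says `# The default writer to use.`. Since all three constants now serve as the `&default` for `Filter$writer`, `Filter$log_local` and `Filter$log_remote`, each comment should say so, e.g. `# The default writer to use if a filter does not specify anything else.` and `# If true, filters that do not set log_local record their log records locally.`. The `export { … }` block these lines sit in starts and ends outside the hunk.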
@@ -260,14 +262,7 @@ bool LogMgr::AddFilter(EnumVal* id, RecordVal* fval) // Find the right writer type. int writer = 0; int idx = rtype->FieldOffset("writer"); - Val* writer_val = fval->Lookup(idx); - - if ( ! writer_val ) - // Use default. - writer = BifConst::Log::default_writer->AsEnum(); - - else - writer = writer_val->AsEnum(); + writer = fval->LookupWithDefault(idx)->AsEnum(); // Create a new Filter instance. @@ -279,6 +274,8 @@ bool LogMgr::AddFilter(EnumVal* id, RecordVal* fval) filter->pred = pred ? pred->AsFunc() : 0; filter->path_func = path_func ? path_func->AsFunc() : 0; filter->writer = id->Ref()->AsEnumVal(); + filter->local = fval->LookupWithDefault(rtype->FieldOffset("log_local"))->AsBool(); + filter->remote = fval->LookupWithDefault(rtype->FieldOffset("log_remote"))->AsBool(); // TODO: Check that the predciate is of the right type. @@ -426,6 +423,10 @@ bool LogMgr::Write(EnumVal* id, RecordVal* columns) #endif } + if ( ! filter->local ) + // Skip the subsequent local logging code. + continue; + // See if we already have a writer for this path. Stream::WriterMap::iterator w = stream->writers.find(Stream::WriterPathPair(filter->writer->AsEnum(), path)); diff --git a/src/logging.bif b/src/logging.bif index 5c47375284..e31c56276e 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -6,8 +6,6 @@ module Log; #include "NetVar.h" %%} -const Log::default_writer: Writer; - type Filter: record; type Stream: record; diff --git a/testing/btest/logging/no-local.bro b/testing/btest/logging/no-local.bro new file mode 100644 index 0000000000..43eccce2c5 --- /dev/null +++ b/testing/btest/logging/no-local.bro 
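Review bot: `writer = fval->LookupWithDefault(idx)->AsEnum();` discards the Val* that LookupWithDefault hands back. In Bro's Val API LookupWithDefault returns a Ref()'d value, unlike the plain Lookup() it replaces (it may have to build the field's `&default` on the fly), so a reference is leaked on every AddFilter call; the same pattern appears twice in the `@@ -279,6 +274,8 @@` hunk for `log_local` and `log_remote`. Keep the pointer and release it after reading it: `Val* writer_val = fval->LookupWithDefault(idx); writer = writer_val->AsEnum(); Unref(writer_val);`. A null check is also still worth having, since FieldOffset() reports an unknown field name with -1 and LookupWithDefault yields a null pointer for a field that has neither a value nor a `&default`, both of which now crash where the old code fell back to the BifConst. AddFilter's body starts and ends outside the hunk.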
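Review bot: Only `filter->local` is consulted in the `@@ -426,6 +423,10 @@` hunk; `filter->remote`, which the `@@ -279,6 +274,8 @@` hunk fills from `log_remote`, is not read anywhere in this diff, so the script-level promise that records are "passed on to remote peers if they request it" is not enforced by this change unless a send path outside the diff already checks the flag. Either the `log_remote` comment in policy/logging.bro should say the field is not yet honoured, or the code that forwards records to peers should test the flag the same way this `continue` gates local writers. The `continue` also skips only the writer lookup below it; whatever the loop computes above it (the `path` used below must come from there, and the `#ifdef` block runs too) is still done for a filter with `log_local=F`, which is fine but deserves a comment such as `// Local logging is off for this filter; remote delivery is decided elsewhere.` instead of the current one. The loop in LogMgr::Write starts and ends outside the hunk.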
@@ -0,0 +1,33 @@
+#
+ # @TEST-EXEC: bro %INPUT
+ # @TEST-EXEC: test '!' -e ssh.log
+
+ module SSH;
+
+ export {
+ redef enum Log::ID += { SSH };
+
+ type Log: record {
+ t: time;
+ id: conn_id; # Will be rolled out into individual columns.
+ status: string &optional;
+ country: string &default="unknown";
+ };
+ }
+
+ redef Log::enable_local_logging = F;
+
+ event bro_init()
+ {
+ Log::create_stream(SSH, [$columns=Log]);
+
+ local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+ Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+
+ }
+
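Review bot: The test exercises only the global switch: `redef Log::enable_local_logging = F;` on a stream created with no explicit filter settings, so a regression in the per-filter `log_local` field, or in the precedence of an explicit `log_local=T` over the global default, would go unnoticed, and nothing checks that `log_remote` / `enable_remote_logging` keep their `T` default. A companion test that leaves the global at `T` and disables `log_local` on a single filter, and one that sets `log_local=T` while the global is `F`, would pin the semantics the `&default=` wiring in policy/logging.bro is meant to provide. The `test '!' -e ssh.log` check is meaningful only because the preceding `bro %INPUT` line has to succeed first; stating that in the header comment, e.g. `# The bro run above must succeed; the absence check alone would also pass on a crash.`, saves the next reader the question.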