Adding options to enable/disable local and remote logging.

Only the local option has an effect right now.

Also moving Log::default_writer out of the bif into logging.bro.

policy/logging.bro

@@ -3,6 +3,15 @@ module Log;
 # Log::ID and Log::Writer are defined in bro.init due to circular dependencies.
 
 export {
+	# The default writer to use.
+	const default_writer = Log::WRITER_ASCII &redef;
+
+	# If true, local logging is by default enabled for all filters.
+	const enable_local_logging = T &redef;
+
+	# If true, remote logging is by default enabled for all filters.
+	const enable_remote_logging = T &redef;
+
     # A stream defining the logging.
 	type Stream: record {
 	    # A record type defining the log's columns.
@@ -41,8 +50,14 @@ export {
 		include: set[string] &optional;
 		exclude: set[string] &optional;
 
+		# If true, record all log records locally.
+		log_local: bool &default=Log::enable_local_logging;
+
+		# If true, pass all log records on to remote peers if they request it.
+		log_remote: bool &default=Log::enable_remote_logging;
+
 		# The writer to use.
-		writer: Writer &optional;
+		writer: Writer &default=Log::default_writer;
     };
 
 	global create_stream: function(id: Log::ID, stream: Log::Stream) : bool;
@@ -59,12 +74,6 @@ export {
 
 module Log;
 
-export {
-	# The default writer to use if a filter does not specify
-	# anything else.
-	const default_writer = Log::WRITER_ASCII &redef;
-}
-
 function create_stream(id: Log::ID, stream: Log::Stream) : bool
 	{
 	if ( ! Log::__create_stream(id, stream) )

src/LogMgr.cc

@@ -27,6 +27,8 @@ struct LogMgr::Filter {
 	string path;
 	Val* path_val;
 	EnumVal* writer;
+	bool local;
+	bool remote;
 
 	int num_fields;
 	LogField** fields;
@@ -260,14 +262,7 @@ bool LogMgr::AddFilter(EnumVal* id, RecordVal* fval)
 	// Find the right writer type.
 	int writer = 0;
 	int idx = rtype->FieldOffset("writer");
-	Val* writer_val = fval->Lookup(idx);
-
-	if ( ! writer_val )
-		// Use default.
-		writer = BifConst::Log::default_writer->AsEnum();
-
-	else
-		writer = writer_val->AsEnum();
+	writer = fval->LookupWithDefault(idx)->AsEnum();
 
 	// Create a new Filter instance.
 
@@ -279,6 +274,8 @@ bool LogMgr::AddFilter(EnumVal* id, RecordVal* fval)
 	filter->pred = pred ? pred->AsFunc() : 0;
 	filter->path_func = path_func ? path_func->AsFunc() : 0;
 	filter->writer = id->Ref()->AsEnumVal();
+	filter->local = fval->LookupWithDefault(rtype->FieldOffset("log_local"))->AsBool();
+	filter->remote = fval->LookupWithDefault(rtype->FieldOffset("log_remote"))->AsBool();
 
 	// TODO: Check that the predciate is of the right type.
 
@@ -426,6 +423,10 @@ bool LogMgr::Write(EnumVal* id, RecordVal* columns)
 #endif
 			}
 
+		if ( ! filter->local )
+			// Skip the subsequent local logging code.
+			continue;
+
 		// See if we already have a writer for this path.
 		Stream::WriterMap::iterator w = stream->writers.find(Stream::WriterPathPair(filter->writer->AsEnum(), path));
 

src/logging.bif

@@ -6,8 +6,6 @@ module Log;
 #include "NetVar.h"
 %%}
 
-const Log::default_writer: Writer;
-
 type Filter: record;
 type Stream: record;
 

testing/btest/logging/no-local.bro

@@ -0,0 +1,33 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: test '!' -e ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { SSH };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	};
+}
+
+redef Log::enable_local_logging = F;
+
+event bro_init()
+{
+	Log::create_stream(SSH, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+