diff --git a/scripts/base/frameworks/logging/main.zeek b/scripts/base/frameworks/logging/main.zeek
index 3a83808369..9e5e639b6e 100644
--- a/scripts/base/frameworks/logging/main.zeek
+++ b/scripts/base/frameworks/logging/main.zeek
@@ -75,6 +75,23 @@ export {
 ## Returns: The path to be used for the filter.
 global default_path_func: function(id: ID, path: string, rec: any) : string &redef;
+ # Log Print Statements
+
+ type PrintLogInfo: record {
+ ## Current timestamp.
+ ts: time &log;
+ ## Set of strings passed to the print statement.
+ vals: set[string] &log;
+ };
+
+ redef enum Log::ID += {PRINTLOG};
+
+ ## If true, logging is enabled for print statements instead of output to files
+ const print_to_log = F &redef;
+
+ ## If print_to_log is true, this is the path to which the print Log Stream writes
+ const print_log_path = "print" &redef;
+
 # Log rotation support.
 ## Information passed into rotation callback functions.
@@ -643,3 +660,10 @@ function remove_default_filter(id: ID) : bool
 {
 return remove_filter(id, "default");
 }
+
+event zeek_init() &priority=5
+ {
+ if ( print_to_log )
+ # "print" added for the test coverage.find-bro-logs
+ Log::create_stream(PRINTLOG, [$columns=PrintLogInfo, $path=print_log_path]); #"print"
+ }
diff --git a/src/Stmt.cc b/src/Stmt.cc
index fca38a357a..9a86924cf6 100644
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@@ -14,6 +14,7 @@
 #include "Debug.h"
 #include "Traverse.h"
 #include "Trigger.h"
+#include "logging/Manager.h"
 const char* stmt_name(BroStmtTag t)
 {
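Review bot: `vals: set[string] &log;` in `PrintLogInfo` cannot preserve the order or the multiplicity of the printed arguments: the baseline added by this commit records `T,2` for the statement `print 2,T;`, and two equal arguments would collapse into a single entry. A log that stands in for print output is more useful for later analysis when it is faithful to the statement, so an ordered column such as `vals: vector of string &log;` fits better, with `get_string_set_from_vals` in src/Stmt.cc building a vector instead of a set. The doc comment on the field would then read `## Strings passed to the print statement, in argument order.` The enclosing `export {` block starts and ends outside this hunk.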
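Review bot: Creating the stream from a `zeek_init` handler at `&priority=5` leaves a window in which a `print` that executes earlier (for example in a `zeek_init` handler with a higher priority) runs with `print_to_log` set but no PRINTLOG stream registered, and the C++ side in src/Stmt.cc only asserts that the stream's columns exist. Raising the priority narrows the window, but the handler should at least document the ordering requirement, e.g. `# Must run before any handler that prints; PrintStmt::DoExec expects the stream to exist.` The trailing `#"print"` marker, which apparently exists only so that coverage.find-bro-logs can find the path, would be clearer as one full comment line than as two fragments.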
@@ -184,10 +185,50 @@ TraversalCode ExprListStmt::Traverse(TraversalCallback* cb) const
 static BroFile* print_stdout = 0;
+TableVal* get_string_set_from_vals (val_list* vals, ODesc* d)
+ {
+ ListVal* set = new ListVal(TYPE_STRING);
+ for ( int i = 0; i < vals->length(); i++ )
+ {
+ d->Clear();
+ Val* val = (*vals)[i];
+ val->Describe(d);
+ set->Append(new StringVal(d->Description()));
+ }
+
+ return set->ConvertToSet();
+ }
+
 Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const
 {
 RegisterAccess();
+ if ( internal_val("Log::print_to_log")->AsBool() )
+ {
+ ID* plid = global_scope()->Lookup("Log::PRINTLOG");
+ assert(plid);
+ assert(plid->IsEnumConst());
+
+ EnumType* et = plid->Type()->AsEnumType();
+ int plint = et->Lookup("Log", "PRINTLOG");
+ assert(plint >= 0);
+ EnumVal* plval = et->GetVal(plint);
+ assert(plval);
+
+ RecordType* pltype = log_mgr->StreamColumns(plval);
+ assert(pltype);
+
+ RecordVal record = RecordVal(pltype);
+ ODesc d(DESC_READABLE);
+ d.SetFlush(0);
+
+ record.Assign(0, new Val(current_time(), TYPE_TIME));
+ record.Assign(1, get_string_set_from_vals(vals, &d));
+
+ log_mgr->Write(plval, &record);
+ return 0;
+ }
+
 if ( ! print_stdout )
 print_stdout = new BroFile(stdout);
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 55ef0c557e..493e014fbc 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -38,6 +38,7 @@ ocsp
 openflow
 packet_filter
 pe
+print
 radius
 rdp
 reporter
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.print-log/print_statements.log b/testing/btest/Baseline/scripts.base.frameworks.logging.print-log/print_statements.log
new file mode 100644
index 0000000000..f7ae620e76
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.print-log/print_statements.log
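Review bot: Every check in the new `print_to_log` branch of `PrintStmt::DoExec` is an `assert()`, which is compiled out when `NDEBUG` is defined, so a failed lookup (for instance `StreamColumns(plval)` yielding null because the stream has not been created yet, if that is how it reports an unknown stream) goes straight into `RecordVal(pltype)`. Turn `assert(pltype);` into a runtime guard that falls through to the existing output path, e.g. `if ( pltype ) { /* build and write the record */ return 0; }`. In `get_string_set_from_vals` the `ListVal` obtained from `new` is not released after `ConvertToSet()`, which looks like a leak on every print; `TableVal* t = set->ConvertToSet(); Unref(set); return t;` would release it, assuming `ConvertToSet()` does not take ownership of the list. `RecordVal record` is a reference-counted value placed on the stack and handed to `log_mgr->Write`; allocating it with `new` and calling `Unref` after the write is safer if anything downstream keeps a reference. `DoExec` continues beyond the end of this hunk.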
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path print_statements
+#open 2019-11-13-18-11-01
+#fields ts vals
+#types time set[string]
+1573697461.909861 hello world \x2c
+1573697461.909946 T,2
+#close 2019-11-13-18-11-01
\ No newline at end of file
diff --git a/testing/btest/scripts/base/frameworks/logging/print-log.zeek b/testing/btest/scripts/base/frameworks/logging/print-log.zeek
new file mode 100644
index 0000000000..ddce8cd8e4
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/logging/print-log.zeek
@@ -0,0 +1,12 @@
+#
+# @TEST-EXEC: zeek -b %INPUT
+# @TEST-EXEC: btest-diff print_statements.log
+
+redef Log::print_to_log = T;
+redef Log::print_log_path = "print_statements";
+
+event zeek_init()
+ {
+ print "hello world ,";
+ print 2,T;
+ }