Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Logging's path_func now receives the log record as argument.

Browse source 
Closes #555.
This commit is contained in:
Robin Sommer 2011-08-12 22:18:45 -07:00
parent c436930acf
commit cb31fd3bb9
5 changed files with 39 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

16
scripts/base/frameworks/logging/main.bro
View file

@ -34,9 +34,11 @@ export {
## id: The log stream. ## id: The log stream.
## path: A suggested path value, which may be either the filter's ``path`` ## path: A suggested path value, which may be either the filter's ``path``
## if defined or a fall-back generated internally. ## if defined or a fall-back generated internally.
## rec: An instance of the streams's ``columns`` type with its
## fields set to the values to logged.
## ##
## Returns: The path to be used for the filter. ## Returns: The path to be used for the filter.
global default_path_func: function(id: ID, path: string) : string &redef; global default_path_func: function(id: ID, path: string, rec: any) : string &redef;
## Filter customizing logging. ## Filter customizing logging.
type Filter: record { type Filter: record {
@ -71,7 +73,15 @@ export {
## different strings for separate calls, but be careful: it's ## different strings for separate calls, but be careful: it's
## easy to flood the disk by returning a new string for each ## easy to flood the disk by returning a new string for each
## connection ... ## connection ...
path_func: function(id: ID, path: string): string &optional; ##
## id: The log stream.
## path: A suggested path value, which may be either the filter's ``path``
## if defined or a fall-back generated internally.
## rec: An instance of the streams's ``columns`` type with its
## fields set to the values to logged.
##
## Returns: The path to be used for the filter.
path_func: function(id: ID, path: string, rec: any): string &optional;
## Subset of column names to record. If not given, all ## Subset of column names to record. If not given, all
## columns are recorded. ## columns are recorded.
@ -160,7 +170,7 @@ function __default_rotation_postprocessor(info: RotationInfo) : bool
return default_rotation_postprocessors[info$writer](info); return default_rotation_postprocessors[info$writer](info);
} }
function default_path_func(id: ID, path: string) : string function default_path_func(id: ID, path: string, rec: any) : string
{ {
# TODO for Seth: Do what you want. :) # TODO for Seth: Do what you want. :)
return path; return path;

4
src/LogMgr.cc
View file

@ -902,9 +902,10 @@ bool LogMgr::Write(EnumVal* id, RecordVal* columns)
if ( filter->path_func ) if ( filter->path_func )
{ {
val_list vl(2); val_list vl(3);
vl.append(id->Ref()); vl.append(id->Ref());
vl.append(filter->path_val->Ref()); vl.append(filter->path_val->Ref());
vl.append(columns->Ref());
Val* v = filter->path_func->Call(&vl); Val* v = filter->path_func->Call(&vl);
if ( ! v->Type()->Tag() == TYPE_STRING ) if ( ! v->Type()->Tag() == TYPE_STRING )
@ -915,6 +916,7 @@ bool LogMgr::Write(EnumVal* id, RecordVal* columns)
} }
path = v->AsString()->CheckString(); path = v->AsString()->CheckString();
Unref(v);
#ifdef DEBUG #ifdef DEBUG
DBG_LOG(DBG_LOGGING, "Path function for filter '%s' on stream '%s' return '%s'", DBG_LOG(DBG_LOGGING, "Path function for filter '%s' on stream '%s' return '%s'",

4
testing/btest/Baseline/policy.frameworks.logging.adapt-filter/ssh-new-default.log
View file

@ -1,3 +1,3 @@
# t id.orig_h id.orig_p id.resp_h id.resp_p status country # t id.orig_h id.orig_p id.resp_h id.resp_p status country
1299718503.40319 1.2.3.4 1234 2.3.4.5 80 success unknown 1313212563.234939 1.2.3.4 1234 2.3.4.5 80 success unknown
1299718503.40319 1.2.3.4 1234 2.3.4.5 80 failure US 1313212563.234939 1.2.3.4 1234 2.3.4.5 80 failure US

28
testing/btest/Baseline/policy.frameworks.logging.path-func/output
View file

@ -1,13 +1,21 @@
static-prefix-0.log static-prefix-0-BR.log
static-prefix-1.log static-prefix-0-MX3.log
static-prefix-2.log static-prefix-0-unknown.log
static-prefix-1-MX.log
static-prefix-1-US.log
static-prefix-2-MX2.log
static-prefix-2-UK.log
# t id.orig_h id.orig_p id.resp_h id.resp_p status country # t id.orig_h id.orig_p id.resp_h id.resp_p status country
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 success unknown 1313212701.542245 1.2.3.4 1234 2.3.4.5 80 success BR
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 success BR
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 failure MX3
# t id.orig_h id.orig_p id.resp_h id.resp_p status country # t id.orig_h id.orig_p id.resp_h id.resp_p status country
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 failure US 1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure MX3
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 failure MX
# t id.orig_h id.orig_p id.resp_h id.resp_p status country # t id.orig_h id.orig_p id.resp_h id.resp_p status country
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 failure UK 1313212701.542245 1.2.3.4 1234 2.3.4.5 80 success unknown
1299718503.05867 1.2.3.4 1234 2.3.4.5 80 failure MX2 # t id.orig_h id.orig_p id.resp_h id.resp_p status country
1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure MX
# t id.orig_h id.orig_p id.resp_h id.resp_p status country
1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure US
# t id.orig_h id.orig_p id.resp_h id.resp_p status country
1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure MX2
# t id.orig_h id.orig_p id.resp_h id.resp_p status country
1313212701.542245 1.2.3.4 1234 2.3.4.5 80 failure UK

4
testing/btest/policy/frameworks/logging/path-func.bro
View file

@ -21,11 +21,11 @@ export {
global c = -1; global c = -1;
function path_func(id: Log::ID, path: string) : string function path_func(id: Log::ID, path: string, rec: Log) : string
{ {
c = (c + 1) % 3; c = (c + 1) % 3;
return fmt("%s-%d", path, c); return fmt("%s-%d-%s", path, c, rec$country);
} }
event bro_init() event bro_init()