Rotation support.

This follows rather closely how rotation currently works in rotate-logs.bro. logging.bro now defines: # Default rotation interval; zero disables rotation. const default_rotation_interval = 0secs &redef; # Default naming suffix format. const default_rotation_date_format = "%y-%m-%d_%H.%M.%S" &redef; # Default postprocessor for writers outputting into files. const default_rotation_postprocessor = "" &redef; # Default function to construct the name of the rotated file. # The default implementation includes # default_rotation_date_format into the file name. global default_rotation_path_func: function(info: RotationInfo) : string &redef; Writer support for rotation is optional, usually it will only make sense for file-based writers. TODO: Currently, there's no way to customize rotation on a per file basis, there are only the global defaults as described above. Individual customization is coming next.
2025-10-02 06:38:20 +00:00 · 2011-03-06 19:28:48 -08:00 · 2011-03-06 19:28:48 -08:00 · d6cef16f77
commit d6cef16f77
parent 90af0d06c3
16 changed files with 387 additions and 68 deletions
--- a/testing/btest/Baseline/logging.rotate/out
+++ b/testing/btest/Baseline/logging.rotate/out
@ -0,0 +1,50 @@
+test-11-03-06_19.00.05.log test.log 11-03-06_19.00.05 11-03-06_20.00.05 0
+test-11-03-06_20.00.05.log test.log 11-03-06_20.00.05 11-03-06_21.00.05 0
+test-11-03-06_21.00.05.log test.log 11-03-06_21.00.05 11-03-06_22.00.05 0
+test-11-03-06_22.00.05.log test.log 11-03-06_22.00.05 11-03-06_23.00.05 0
+test-11-03-06_23.00.05.log test.log 11-03-06_23.00.05 11-03-07_00.00.05 0
+test-11-03-07_00.00.05.log test.log 11-03-07_00.00.05 11-03-07_01.00.05 0
+test-11-03-07_01.00.05.log test.log 11-03-07_01.00.05 11-03-07_02.00.05 0
+test-11-03-07_02.00.05.log test.log 11-03-07_02.00.05 11-03-07_03.00.05 0
+test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
+test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_04.59.55 1
+> test-11-03-06_19.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299466805.0	10.0.0.1	20	10.0.0.2	1024
+1299470395.0	10.0.0.2	20	10.0.0.3	0
+> test-11-03-06_20.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299470405.0	10.0.0.1	20	10.0.0.2	1025
+1299473995.0	10.0.0.2	20	10.0.0.3	1
+> test-11-03-06_21.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299474005.0	10.0.0.1	20	10.0.0.2	1026
+1299477595.0	10.0.0.2	20	10.0.0.3	2
+> test-11-03-06_22.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299477605.0	10.0.0.1	20	10.0.0.2	1027
+1299481195.0	10.0.0.2	20	10.0.0.3	3
+> test-11-03-06_23.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299481205.0	10.0.0.1	20	10.0.0.2	1028
+1299484795.0	10.0.0.2	20	10.0.0.3	4
+> test-11-03-07_00.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299484805.0	10.0.0.1	20	10.0.0.2	1029
+1299488395.0	10.0.0.2	20	10.0.0.3	5
+> test-11-03-07_01.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299488405.0	10.0.0.1	20	10.0.0.2	1030
+1299491995.0	10.0.0.2	20	10.0.0.3	6
+> test-11-03-07_02.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299492005.0	10.0.0.1	20	10.0.0.2	1031
+1299495595.0	10.0.0.2	20	10.0.0.3	7
+> test-11-03-07_03.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299495605.0	10.0.0.1	20	10.0.0.2	1032
+1299499195.0	10.0.0.2	20	10.0.0.3	8
+> test-11-03-07_04.00.05.log
+# t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	
+1299499205.0	10.0.0.1	20	10.0.0.2	1033
+1299502795.0	10.0.0.2	20	10.0.0.3	9
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@ -4,7 +4,7 @@ TestDirs    = logging
 TmpDir      = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs  = .svn CVS .tmp
-IgnoreFiles = *.tmp *.swp #*
+IgnoreFiles = *.tmp *.swp #* *.trace

 [environment]
 BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev`
--- a/testing/btest/logging/rotate.bro
+++ b/testing/btest/logging/rotate.bro
@ -0,0 +1,31 @@
+#
+# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT >out
+# @TEST-EXEC: for i in test-*.log; do printf '> %s\n' $i; cat $i; done >>out
+# @TEST-EXEC: btest-diff out
+
+module Test;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { Test };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+	};
+}
+
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor = "echo";
+
+event bro_init()
+{
+	Log::create_stream(Test, [$columns=Log]);
+}
+
+event new_connection(c: connection)
+	{
+	Log::write(Test, [$t=network_time(), $id=c$id]);
+	}
--- a/testing/btest/logging/rotation.trace
+++ b/testing/btest/logging/rotation.trace