Merge branch 'logging/script-logdir' of https://github.com/kramse/zeek

* 'logging/script-logdir' of https://github.com/kramse/zeek:
  Copy of ascii-empty test, just changed path in the beginning
  Logdir: Change requested by 0xxon, no problem
  Introduce script-land variable that can be used to set logdir.

Closes GH-772

CHANGES

@@ -1,3 +1,9 @@
+
+4.1.0-dev.720 | 2021-06-10 11:29:19 +0100
+
+  * Introduce script-land option LogAscii::logdir that can be used to set
+    the logging directory. (Henrik Kramselund Jereminsen)
+
 4.1.0-dev.715 | 2021-06-09 09:12:26 -0700
 
   * Fix macOS Big Sur builds on Cirrus

NEWS

@@ -60,6 +60,9 @@ New Functionality
   Connection objects were handled previously, but without the need to be based
   on IP-based protocols.
 
+- The ASCII writer gained a new option LogAscii::logdir, which can be used to
+  change the logging output directory.
+
 Changed Functionality
 ---------------------
 

VERSION

@@ -1 +1 @@
-4.1.0-dev.715
+4.1.0-dev.720

scripts/base/frameworks/logging/writers/ascii.zeek

@@ -54,6 +54,11 @@ export {
 	## This option is also available as a per-filter ``$config`` option.
 	const gzip_file_extension = "gz" &redef;
 
+	## Define the default logging directory. If empty, logs are written
+	## to the current working directory.
+	##
+	const logdir = "" &redef;
+
 	## Format of timestamps when writing out JSON. By default, the JSON
 	## formatter will use double values for timestamps which represent the
 	## number of seconds from the UNIX epoch.

src/logging/writers/ascii/Ascii.cc

@@ -252,6 +252,12 @@ void Ascii::InitConfigOptions()
 		(const char*) BifConst::LogAscii::gzip_file_extension->Bytes(),
 		BifConst::LogAscii::gzip_file_extension->Len()
 		);
+
+	logdir.assign(
+		(const char*) BifConst::LogAscii::logdir->Bytes(),
+		BifConst::LogAscii::logdir->Len()
+		);
+
 	}
 
 bool Ascii::InitFilterOptions()
@@ -344,6 +350,9 @@ bool Ascii::InitFilterOptions()
 
 		else if ( strcmp(i->first, "gzip_file_extension") == 0 )
 			gzip_file_extension.assign(i->second);
+
+		else if ( strcmp(i->first, "logdir") == 0 )
+			logdir.assign(i->second);
 		}
 
 	if ( ! InitFormatter() )
@@ -448,6 +457,19 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const threading::Fiel
 			ext += gzip_file_extension.empty() ? "gz" : gzip_file_extension;
 			}
 
+		if ( fname.front() != '/' && ! logdir.empty() )
+			{
+			string path = logdir;
+			std::size_t last = path.find_last_not_of('/');
+
+			if ( last == string::npos ) // Nothing but slashes -- weird but ok...
+				path = "/";
+			else
+				path.erase(last + 1);
+
+			fname = path + "/" + fname;
+			}
+
 		fname += ext;
 
 		bool use_shadow = BifConst::LogAscii::enable_leftover_log_rotation && Info().rotation_interval > 0;

src/logging/writers/ascii/Ascii.h

@@ -75,7 +75,8 @@ private:
 	bool use_json;
 	bool enable_utf_8;
 	std::string json_timestamps;
-
+	std::string logdir;
+	
 	threading::Formatter* formatter;
 	bool init_options;
 };

src/logging/writers/ascii/ascii.bif

@@ -16,3 +16,4 @@ const enable_utf_8: bool;
 const json_timestamps: JSON::TimestampFormat;
 const gzip_level: count;
 const gzip_file_extension: string;
+const logdir: string;

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-logdir/ssh-filtered.log

@@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+PREFIX<>separator |
+PREFIX<>set_separator|,
+PREFIX<>empty_field|EMPTY
+PREFIX<>unset_field|NOT-SET
+PREFIX<>path|ssh
+PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
+PREFIX<>types|time|addr|port|addr|port|string|string|bool
+XXXXXXXXXX.XXXXXX|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
+XXXXXXXXXX.XXXXXX|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
+XXXXXXXXXX.XXXXXX|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
+XXXXXXXXXX.XXXXXX|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
+XXXXXXXXXX.XXXXXX|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T

testing/btest/scripts/base/frameworks/logging/ascii-logdir.zeek

@@ -0,0 +1,38 @@
+#
+# @TEST-EXEC: mkdir logdir
+# @TEST-EXEC: zeek -b %INPUT LogAscii::logdir=logdir
+# @TEST-EXEC: cat logdir/ssh.log | grep -v PREFIX.*20..- >ssh-filtered.log
+# @TEST-EXEC: btest-diff ssh-filtered.log
+
+redef LogAscii::output_to_stdout = F;
+redef LogAscii::separator = "|";
+redef LogAscii::empty_field = "EMPTY";
+redef LogAscii::unset_field = "NOT-SET";
+redef LogAscii::meta_prefix = "PREFIX<>";
+
+module SSH;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+		b: bool &optional;
+	} &log;
+}
+
+event zeek_init()
+{
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $b=T, $status="failure", $country=""]);
+}