diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 304e946535..54eb501ccb 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -84,7 +84,7 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt) config.clear(); - while ( size ) + while ( size-- ) { string value; string key; diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.failure.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.failure.log new file mode 100644 index 0000000000..41b8544db1 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.failure.log @@ -0,0 +1,4 @@ +t id.orig_h id.orig_p id.resp_h id.resp_p status country +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure US +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure UK +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.log new file mode 100644 index 0000000000..f84ccde80c --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.log @@ -0,0 +1,14 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path test +#open 2015-02-23-21-54-13 +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success unknown +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure US +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure UK +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success BR +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure MX +#close 2015-02-23-21-54-13 
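Review bot: `while ( size-- )` in `WriterBackend::WriterInfo::Read` ends only when `size` counts down to exactly zero, so a negative starting value would not stop the loop where intended. The declaration of `size` and the read that fills it are outside this hunk; if it is a signed count taken from the serialized stream, it is controlled by the remote peer and should be validated before use. I would write `while ( size-- > 0 )`, or add `if ( size < 0 ) return false;` ahead of `config.clear();`, and consider an upper bound on the number of config entries accepted from a sender. The function body starts before and continues past this hunk.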
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.success.log b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.success.log new file mode 100644 index 0000000000..35f497fd0d --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.success.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path test.success +#open 2015-02-23-21-54-13 +#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country +#types time addr port addr port string string +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success unknown +1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success BR +#close 2015-02-23-21-54-13 diff --git a/testing/btest/scripts/base/frameworks/logging/remote-config.bro b/testing/btest/scripts/base/frameworks/logging/remote-config.bro new file mode 100644 index 0000000000..9fd94acc7d --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/remote-config.bro 
@@ -0,0 +1,94 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run sender bro -b --pseudo-realtime %INPUT ../sender.bro
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run receiver bro -b --pseudo-realtime %INPUT ../receiver.bro
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-diff sender/test.log
+# @TEST-EXEC: btest-diff sender/test.failure.log
+# @TEST-EXEC: btest-diff sender/test.success.log
+# @TEST-EXEC: ( cd sender && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
+# @TEST-EXEC: ( cd receiver && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
+# @TEST-EXEC: cmp receiver/c.test.log sender/c.test.log
+# @TEST-EXEC: cmp receiver/c.test.failure.log sender/c.test.failure.log
+# @TEST-EXEC: cmp receiver/c.test.success.log sender/c.test.success.log
+
+# This is the common part loaded by both sender and receiver.
+module Test;
+
+export {
+ # Create a new ID for our log stream
+ redef enum Log::ID += { LOG };
+
+ # Define a record with all the columns the log file can have.
+ # (I'm using a subset of fields from ssh-ext for demonstration.)
+ type Log: record {
+ t: time;
+ id: conn_id; # Will be rolled out into individual columns.
+ status: string &optional;
+ country: string &default="unknown";
+ } &log;
+}
+
+event bro_init()
+{
+ Log::create_stream(Test::LOG, [$columns=Log]);
+ Log::add_filter(Test::LOG, [$name="f1", $path="test.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
+}
+
+#####
+
+@TEST-START-FILE sender.bro
+
+@load frameworks/communication/listen
+
+module Test;
+
+function fail(rec: Log): bool
+ {
+ return rec$status != "success";
+ }
+
+event remote_connection_handshake_done(p: event_peer)
+ {
+ local config: table[string] of string;
+ config["tsv"] = "T";
+ Log::add_filter(Test::LOG, [$name="f2", $path="test.failure", $pred=fail, $config=config]);
+
+ local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+ local r: Log = [$t=network_time(), $id=cid, $status="success"];
+
+ # Log something.
+ Log::write(Test::LOG, r);
+ Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+ Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+ Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+ Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+ disconnect(p);
+ }
+
+event remote_connection_closed(p: event_peer)
+ {
+ terminate();
+ }
+
+@TEST-END-FILE
+
+@TEST-START-FILE receiver.bro
+
+#####
+
+@load base/frameworks/communication
+
+redef Communication::nodes += {
+ ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]
+};
+
+event remote_connection_closed(p: event_peer)
+ {
+ terminate();
+ }
+
+@TEST-END-FILE
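Review bot: The test never states what it checks; the only trace is the `$config=config` argument on filter `f2` and the `cmp` of `receiver/c.test.failure.log` against the sender's copy. I would add a header comment above `module Test;` such as `# Checks that a filter's $config table ("tsv" here) is passed on to a remote log receiver, so both sides write test.failure.log in the same format.` The note `(I'm using a subset of fields from ssh-ext for demonstration.)` looks carried over from another test and could be dropped. Because the code under test is a count-driven loop, a second entry in `config` would make the receiver run it more than once; whether the writer tolerates an extra key is not visible here.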