mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 08:38:20 +00:00
Remove Log::rotation_control (addresses #572).
Log rotation is now controlled directly through Filter records. Also addressed a TODO in the default_path_func regarding the LogMgr::AddFilter function generating internal filter path suggestions/fallbacks. Now, if the user doesn't explicitly set a filter path, the filter's path will be the result of the first call to default_path_func (happens during the first write to the log). And in that case the path suggestion argument to the path_func is an empty string.
This commit is contained in:
Jon Siwek
parent
d8c716ae17
commit
fe38c22d2b
11 changed files with 73 additions and 291 deletions
|
|
@ -1,10 +0,0 @@
|
|||
{
|
||||
[WRITER_ASCII, test2] = [interv=30.0 mins, postprocessor=Test::custom_rotate
|
||||
{
|
||||
print custom rotate, Test::info;
|
||||
return (T);
|
||||
}]
|
||||
}
|
||||
{
|
||||
|
||||
}
|
||||
|
|
@ -1,83 +0,0 @@
|
|||
1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
|
||||
1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
|
||||
1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
|
||||
1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
|
||||
1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
|
||||
1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
|
||||
1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
|
||||
1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
|
||||
1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
|
||||
1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.00.05.log, path=test2, open=1299466805.0, close=1299470395.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_03.59.55.log, path=test2, open=1299470395.0, close=1299470405.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.00.05.log, path=test2, open=1299470405.0, close=1299473995.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_04.59.55.log, path=test2, open=1299473995.0, close=1299474005.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.00.05.log, path=test2, open=1299474005.0, close=1299477595.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_05.59.55.log, path=test2, open=1299477595.0, close=1299477605.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.00.05.log, path=test2, open=1299477605.0, close=1299481195.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_06.59.55.log, path=test2, open=1299481195.0, close=1299481205.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.00.05.log, path=test2, open=1299481205.0, close=1299484795.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_07.59.55.log, path=test2, open=1299484795.0, close=1299484805.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.00.05.log, path=test2, open=1299484805.0, close=1299488395.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_08.59.55.log, path=test2, open=1299488395.0, close=1299488405.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.00.05.log, path=test2, open=1299488405.0, close=1299491995.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_09.59.55.log, path=test2, open=1299491995.0, close=1299492005.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.00.05.log, path=test2, open=1299492005.0, close=1299495595.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_10.59.55.log, path=test2, open=1299495595.0, close=1299495605.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.00.05.log, path=test2, open=1299495605.0, close=1299499195.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_11.59.55.log, path=test2, open=1299499195.0, close=1299499205.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.00.05.log, path=test2, open=1299499205.0, close=1299502795.0, terminating=F]
|
||||
custom rotate, [writer=WRITER_ASCII, fname=test2-11-03-07_12.59.55.log, path=test2, open=1299502795.0, close=1299502795.0, terminating=T]
|
||||
# t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
1299466805.000000 10.0.0.1 20 10.0.0.2 1024
|
||||
1299470395.000000 10.0.0.2 20 10.0.0.3 0
|
||||
1299470405.000000 10.0.0.1 20 10.0.0.2 1025
|
||||
1299473995.000000 10.0.0.2 20 10.0.0.3 1
|
||||
1299474005.000000 10.0.0.1 20 10.0.0.2 1026
|
||||
1299477595.000000 10.0.0.2 20 10.0.0.3 2
|
||||
1299477605.000000 10.0.0.1 20 10.0.0.2 1027
|
||||
1299481195.000000 10.0.0.2 20 10.0.0.3 3
|
||||
1299481205.000000 10.0.0.1 20 10.0.0.2 1028
|
||||
1299484795.000000 10.0.0.2 20 10.0.0.3 4
|
||||
1299484805.000000 10.0.0.1 20 10.0.0.2 1029
|
||||
1299488395.000000 10.0.0.2 20 10.0.0.3 5
|
||||
1299488405.000000 10.0.0.1 20 10.0.0.2 1030
|
||||
1299491995.000000 10.0.0.2 20 10.0.0.3 6
|
||||
1299492005.000000 10.0.0.1 20 10.0.0.2 1031
|
||||
1299495595.000000 10.0.0.2 20 10.0.0.3 7
|
||||
1299495605.000000 10.0.0.1 20 10.0.0.2 1032
|
||||
1299499195.000000 10.0.0.2 20 10.0.0.3 8
|
||||
1299499205.000000 10.0.0.1 20 10.0.0.2 1033
|
||||
1299502795.000000 10.0.0.2 20 10.0.0.3 9
|
||||
> test.2011-03-07-03-00-05.log
|
||||
> test.2011-03-07-04-00-05.log
|
||||
> test.2011-03-07-05-00-05.log
|
||||
> test.2011-03-07-06-00-05.log
|
||||
> test.2011-03-07-07-00-05.log
|
||||
> test.2011-03-07-08-00-05.log
|
||||
> test.2011-03-07-09-00-05.log
|
||||
> test.2011-03-07-10-00-05.log
|
||||
> test.2011-03-07-11-00-05.log
|
||||
> test.2011-03-07-12-00-05.log
|
||||
> test.log
|
||||
> test2-11-03-07_03.00.05.log
|
||||
> test2-11-03-07_03.59.55.log
|
||||
> test2-11-03-07_04.00.05.log
|
||||
> test2-11-03-07_04.59.55.log
|
||||
> test2-11-03-07_05.00.05.log
|
||||
> test2-11-03-07_05.59.55.log
|
||||
> test2-11-03-07_06.00.05.log
|
||||
> test2-11-03-07_06.59.55.log
|
||||
> test2-11-03-07_07.00.05.log
|
||||
> test2-11-03-07_07.59.55.log
|
||||
> test2-11-03-07_08.00.05.log
|
||||
> test2-11-03-07_08.59.55.log
|
||||
> test2-11-03-07_09.00.05.log
|
||||
> test2-11-03-07_09.59.55.log
|
||||
> test2-11-03-07_10.00.05.log
|
||||
> test2-11-03-07_10.59.55.log
|
||||
> test2-11-03-07_11.00.05.log
|
||||
> test2-11-03-07_11.59.55.log
|
||||
> test2-11-03-07_12.00.05.log
|
||||
> test2-11-03-07_12.59.55.log
|
||||
> test2.log
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
# @TEST-EXEC: bro -b %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
module Test;
|
||||
|
||||
export {
|
||||
redef enum Log::ID += { Test };
|
||||
|
||||
type Info: record {
|
||||
t: time;
|
||||
id: conn_id;
|
||||
} &log;
|
||||
}
|
||||
|
||||
function custom_rotate(info: Log::RotationInfo) : bool
|
||||
{
|
||||
print "custom rotate", info;
|
||||
return T;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(Test, [$columns=Info]);
|
||||
Log::add_filter(Test, [$name="2nd", $path="test2",
|
||||
$rotation=[$interv=30mins, $postprocessor=custom_rotate]]);
|
||||
print Log::rotation_control;
|
||||
Log::remove_filter(Test, "2nd");
|
||||
# The RotationControl should be removed now
|
||||
print Log::rotation_control;
|
||||
}
|
||||
|
|
@ -26,15 +26,10 @@ function custom_rotate(info: Log::RotationInfo) : bool
|
|||
return T;
|
||||
}
|
||||
|
||||
redef Log::rotation_control += {
|
||||
[Log::WRITER_ASCII, "test2"] = [$interv=30mins, $postprocessor=custom_rotate]
|
||||
};
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Log]);
|
||||
Log::add_filter(Test::LOG, [$name="2nd", $path="test2"]);
|
||||
|
||||
Log::add_filter(Test::LOG, [$name="2nd", $path="test2", $interv=30mins, $postprocessor=custom_rotate]);
|
||||
}
|
||||
|
||||
event new_connection(c: connection)
|
||||
|
|
|
|||
|
|
@ -1,39 +0,0 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | egrep "test|test2" | sort >out
|
||||
# @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
module Test;
|
||||
|
||||
export {
|
||||
# Create a new ID for our log stream
|
||||
redef enum Log::ID += { Test };
|
||||
|
||||
# Define a record with all the columns the log file can have.
|
||||
# (I'm using a subset of fields from ssh-ext for demonstration.)
|
||||
type Log: record {
|
||||
t: time;
|
||||
id: conn_id; # Will be rolled out into individual columns.
|
||||
} &log;
|
||||
}
|
||||
|
||||
redef Log::default_rotation_interval = 1hr;
|
||||
redef Log::default_rotation_postprocessor_cmd = "echo 1st";
|
||||
|
||||
function custom_rotate(info: Log::RotationInfo) : bool
|
||||
{
|
||||
print "custom rotate", info;
|
||||
return T;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(Test, [$columns=Log]);
|
||||
Log::add_filter(Test, [$name="2nd", $path="test2",
|
||||
$rotation=[$interv=30mins, $postprocessor=custom_rotate]]);
|
||||
}
|
||||
|
||||
event new_connection(c: connection)
|
||||
{
|
||||
Log::write(Test, [$t=network_time(), $id=c$id]);
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue