From fe85a3e4d27d66f7e0e95d1cc9ec829c9db013cd Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 1 Mar 2011 17:17:48 -0500 Subject: [PATCH] Adapted for API similarity with Robin's logging framework code. --- policy/logging.bro | 7 ++++--- policy/test-logging.bro | 24 ++++++++++++------------ src/bro.bif | 10 +++++----- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/policy/logging.bro b/policy/logging.bro index 610e9e6f69..f8827b8431 100644 --- a/policy/logging.bro +++ b/policy/logging.bro @@ -1,4 +1,4 @@ -module Logging; +module Log; export { # The set of writers Bro provides. @@ -67,7 +67,7 @@ export { # Logs the record "rec" to the stream "id". The type of # "rec" must match the stream's "columns" field. - global log: function(id: string, rec: any); + global write: function(id: string, rec: any); #global log_ev: event(id: string, rec: any); # Returns an existing filter previously installed for stream @@ -75,6 +75,7 @@ export { # the record "NoSuchFilter" is returned. global get_filter: function(id: string, name: string) : Filter; + global create_stream: function(id: string, log_record_type: string); global add_filter: function(id: string, filter: Filter); global remove_filter: function(id: string, filter: string): bool; @@ -164,7 +165,7 @@ event file_opened(f: file) &priority=10 } } -function log(id: string, rec: any) +function write(id: string, rec: any) { logging_log(id, rec); } diff --git a/policy/test-logging.bro b/policy/test-logging.bro index df57c6d576..4b200c188f 100644 --- a/policy/test-logging.bro +++ b/policy/test-logging.bro @@ -1,10 +1,10 @@ -module SSH; +module TEST_LOGGING; @load logging export { # Create a new ID for our log stream - #redef enum Logging::ID += { LOG_SSH }; + redef enum Log::ID += { TEST_LOGGING }; # Define a record with all the columns the log file can have. # (I'm using a subset of fields from ssh-ext for demonstration.) 
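Review bot: The `create_stream` declaration added in the `@@ -75,6 +75,7 @@` hunk has no comment, although `write` and `get_filter` just above it are documented. It also takes the record type as a string name, so a misspelled type can presumably only be caught at run time. I would add above it `# Creates the stream "id". "log_record_type" is the name of the record type that defines the stream's columns.` and state there what happens when the name does not resolve. The export block starts and ends outside this hunk.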
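Review bot: The renamed `write` in the `@@ -164,7 +165,7 @@` hunk calls `logging_log(id, rec);` and drops its result, and the declaration has no return type. The failure branches of `logging_log` shown in src/bro.bif only `printf` and `return false`, so a script cannot tell that a record was not written. For a logging API, silent loss of records is worth surfacing: consider `global write: function(id: string, rec: any): bool;` with `return logging_log(id, rec);`. Because `logging_log` is declared `: any`, its return type would have to become `bool` as well.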
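Review bot: The newly enabled `redef enum Log::ID += { TEST_LOGGING };` in policy/test-logging.bro adds an enum member that nothing in this patch uses. `create_stream`, `add_default_filter` and `write` are still called with the string "TEST_LOGGING", and their declarations in policy/logging.bro take `id: string`. The definition of `Log::ID` is not visible in this diff, so I cannot confirm the redef resolves. Either leave the line commented out until the API accepts `Log::ID`, or mark it with `# Not used yet: stream IDs are still passed as strings.`. The member also shares its name with the module, which makes later references harder to read.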
@@ -17,7 +17,7 @@ export { # This is the prototype for the event that the logging framework tries # to generate if there is a handler for it. - #global log: event(rec: Log); + global log: event(rec: Log); } event bro_init() @@ -25,12 +25,12 @@ event bro_init() # Create the stream. # First argument is the ID for the stream. # Second argument is the log record type. - Logging::create_stream("ssh", "SSH::Log"); + Log::create_stream("TEST_LOGGING", "TEST_LOGGING::Log"); # Add a default filter that simply logs everything to "ssh.log" using the default writer. # Log line event generation is autogenerated for now by checking for # handlers for MODULE_NAME::log (which isn't the right thing to do, but it will be dealt with later) - Logging::add_default_filter("ssh"); + Log::add_default_filter("TEST_LOGGING"); # There is currently some problem with &optional values in the records # passed into the predicate. Maybe it's because I'm not really coercing 
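Review bot: The comment above `Log::add_default_filter("TEST_LOGGING");` in the `@@ -25,12 +25,12 @@` hunk still says everything is logged to "ssh.log", but the stream is no longer named "ssh". I would reword it to `# Add a default filter that logs everything for this stream using the default writer.`. The commented-out `Log::add_filter("ssh", ...)` example in the next hunk (`@@ -42,18 +42,18 @@`) has the same leftover: its namespace was renamed but it still names the stream "ssh", which this script no longer creates, so it would point at a missing stream if re-enabled. `bro_init` continues outside this hunk.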
@@ -42,18 +42,18 @@ event bro_init() # Printing headers for the filters doesn't work yet either and needs to # be considered in the final design. (based on the "select" set). - #Logging::add_filter("ssh", [$name="successful logins", + #Log::add_filter("ssh", [$name="successful logins", # #$pred(rec: Log) = { print rec$status; return T; }, # $path="ssh-logins", # #$select=set("t"), - # $writer=Logging::WRITER_CSV]); + # $writer=Log::WRITER_CSV]); # Log something. - Logging::log("ssh", [$t=network_time(),$status="success"]); - Logging::log("ssh", [$t=network_time(),$status="failure", $country="US"]); - Logging::log("ssh", [$t=network_time(),$status="failure", $country="UK"]); - Logging::log("ssh", [$t=network_time(),$status="success", $country="BR"]); - Logging::log("ssh", [$t=network_time(),$status="failure", $country="MX"]); + Log::write("TEST_LOGGING", [$t=network_time(),$status="success"]); + Log::write("TEST_LOGGING", [$t=network_time(),$status="failure", $country="US"]); + Log::write("TEST_LOGGING", [$t=network_time(),$status="failure", $country="UK"]); + Log::write("TEST_LOGGING", [$t=network_time(),$status="success", $country="BR"]); + Log::write("TEST_LOGGING", [$t=network_time(),$status="failure", $country="MX"]); } diff --git a/src/bro.bif b/src/bro.bif index 278c14500e..dc7324b92e 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -367,7 +367,7 @@ function logging_log%(index: string, rec: any%): any RecordVal *recval = rec->AsRecordVal(); // Lookup the stream - TableVal *streams = opt_internal_table("Logging::streams"); + TableVal *streams = opt_internal_table("Log::streams"); VectorVal *columns; RecordVal *stream_record; if ( streams ) 
@@ -381,12 +381,12 @@ function logging_log%(index: string, rec: any%): any } else { - printf("Logging framework is dead (Logging::streams not found).\n"); + printf("Logging framework is dead (Log::streams not found).\n"); return false; } // Lookup all filters for stream - TableVal *filters = opt_internal_table("Logging::filters"); + TableVal *filters = opt_internal_table("Log::filters"); TableVal *stream_filters; if ( filters ) { @@ -396,7 +396,7 @@ function logging_log%(index: string, rec: any%): any } else { - printf("Logging framework is dead (Logging::filters not found).\n"); + printf("Logging framework is dead (Log::filters not found).\n"); return false; } @@ -448,7 +448,7 @@ function logging_log%(index: string, rec: any%): any // Get the file with the "path" name found above for this filter. // Open a new file is one does not exist yet. - TableVal *logging_files = opt_internal_table("Logging::files"); + TableVal *logging_files = opt_internal_table("Log::files"); Val *ff = logging_files->Lookup(path); if ( !ff ) {
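Review bot: In the `@@ -448,7 +448,7 @@` hunk, `logging_files` is dereferenced by `logging_files->Lookup(path)` with no null check, unlike the `Log::streams` and `Log::filters` lookups earlier in the function, which test the pointer and bail out. If `Log::files` is not defined (policy/logging.bro not loaded, or the script-side name drifting from this literal after a rename like this one), that is presumably a null dereference. Add the same guard before the lookup: `if ( ! logging_files ) { printf("Logging framework is dead (Log::files not found).\n"); return false; }`. The three table names are repeated string literals, so a shared constant for the module prefix would make the next rename safer. `logging_log` starts and ends outside this hunk.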