mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
92 lines
2.7 KiB
Text
92 lines
2.7 KiB
Text
# @TEST-DOC: Test the options that limit string and container lengths when logging
|
|
#
|
|
# @TEST-EXEC: zeek -b test.zeek %INPUT
|
|
# @TEST-EXEC: btest-diff test.log
|
|
# @TEST-EXEC: btest-diff .stdout
|
|
# @TEST-EXEC: btest-diff weird.log
|
|
|
|
# @TEST-START-FILE test.zeek
|
|
|
|
@load base/frameworks/telemetry
|
|
@load base/frameworks/notice/weird
|
|
|
|
module Test;
|
|
|
|
export {
|
|
redef enum Log::ID += { LOG };
|
|
|
|
type Info: record {
|
|
strings1: vector of string &log;
|
|
strings2: vector of string &log;
|
|
};
|
|
}
|
|
|
|
event log_telemetry()
|
|
{
|
|
local storage_metrics = Telemetry::collect_metrics("zeek", "log_writer_truncated*");
|
|
for (i in storage_metrics)
|
|
{
|
|
local m = storage_metrics[i];
|
|
print m$opts$metric_type, m$opts$prefix, m$opts$name, m$label_names, m$label_values, m$value;
|
|
}
|
|
}
|
|
|
|
event zeek_init()
|
|
{
|
|
Log::create_stream(LOG, [$columns=Info, $path="test"]);
|
|
|
|
local rec = Test::Info();
|
|
local i = 0;
|
|
|
|
# Create two vectors containing 10 strings with 10 characters each.
|
|
# This leaves us with 200 total characters to work with.
|
|
while ( ++i <= 10 )
|
|
{
|
|
rec$strings1 += "ABCDEFGHIJ";
|
|
rec$strings2 += "ABCDEFGHIJ";
|
|
}
|
|
|
|
Log::write(Test::LOG, rec);
|
|
|
|
# Do this as a separate event so the weirds get processed before we log the
|
|
# telemetry outout. See the comment below for the first test as to why.
|
|
event log_telemetry();
|
|
}
|
|
|
|
# @TEST-END-FILE test.zeek
|
|
|
|
# Limit the individual fields to 5 bytes, but keep the total maximum large enough that it
|
|
# will write all of the fields. The weird test for this one will be off since it will
|
|
# limit the name of the weird. It will pass, but the fields in the log will get truncated
|
|
# like they're supposed to.
|
|
redef Log::max_field_string_bytes = 5;
|
|
|
|
# @TEST-START-NEXT
|
|
|
|
# Leave the individual field bytes alone, but set the maximum length to where it cuts off
|
|
# the second field in the middle of a string.
|
|
redef Log::max_total_string_bytes = 115;
|
|
|
|
# @TEST-START-NEXT
|
|
|
|
# Leave the individual field bytes alone, but set the maximum length to where it cuts off
|
|
# the first field in the middle of a string. Second field should log empty strings.
|
|
redef Log::max_total_string_bytes = 85;
|
|
|
|
# @TEST-START-NEXT
|
|
|
|
# Limit the individual containers to 5 items, but keep the total maximum large enough that
|
|
# it will write all of the fields.
|
|
redef Log::max_field_container_elements = 5;
|
|
|
|
# @TEST-START-NEXT
|
|
|
|
# Leave the individual field items alone, but set the maximum length to where it cuts off
|
|
# the second field in the middle.
|
|
redef Log::max_total_container_elements = 15;
|
|
|
|
# @TEST-START-NEXT
|
|
|
|
# Leave the individual field bytes alone, but set the maximum length to where it cuts off
|
|
# the first field in the middle. Second field should log empty containers.
|
|
redef Log::max_total_container_elements = 5;
|