mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
64bc53e621
- Updates to cluster framework to finish the separation between broctl and bro - Extension technique for extending notice emails with extra content. - Deleting the connection record from notices after calling apply_policy. It may have been causing some load and memory issues from copying lots of data to other cluster members. This is a test to see if we are right about the memory trouble. - Abstracted some of the notice actions into separate scripts. - - Lots of small cleanup and fixes.
37 lines
992 B
Text
37 lines
992 B
Text
##! Deletes the -w tracefile at regular intervals and starts a new file
|
|
##! from scratch.
|
|
|
|
module TrimTraceFile;
|
|
|
|
export {
|
|
## The interval between times that the output tracefile is rotated.
|
|
const trim_interval = 10 mins &redef;
|
|
|
|
## This event can be generated externally to this script if on-demand
|
|
## tracefile rotation is required with the caveat that the script doesn't
|
|
## currently attempt to get back on schedule automatically and the next
|
|
## trim will likely won't happen on the :bro:id:`trim_interval`.
|
|
global go: event(first_trim: bool);
|
|
}
|
|
|
|
event TrimTraceFile::go(first_trim: bool)
|
|
{
|
|
if ( bro_is_terminating() || trace_output_file == "" )
|
|
return;
|
|
|
|
if ( ! first_trim )
|
|
{
|
|
local info = rotate_file_by_name(trace_output_file);
|
|
if ( info$old_name != "" )
|
|
system(fmt("/bin/rm %s", info$new_name));
|
|
}
|
|
|
|
schedule trim_interval { TrimTraceFile::go(F) };
|
|
}
|
|
|
|
event bro_init()
|
|
{
|
|
if ( trim_interval > 0 secs )
|
|
schedule trim_interval { TrimTraceFile::go(T) };
|
|
}
|
|
|