Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/policy/frameworks/management/persistence.zeek
Christian Kreibich d1cd409e59 Management framework: set defaults for log rotation and persistent state 
This adds management/persistence.zeek to establish common configuration for log
rotation and persistent variable state. Log-writing Zeek processes initially
write locally in their working directory, and rotate into subdirectory
"log-queue" of the spool. Since agent and controller have no logger,
persistence.zeek puts in place compatible configurations for them.

Storage folders for Broker-backed tables and clusterized stores default to
subdirectories of the new Zeek-level state folder.

When setting the ZEEK_MANAGEMENT_TESTING environment variable, persistent state
is kept in the local directory, and log rotation remains disabled.

This also tweaks @loads a bit in favor of simply loading frameworks/management,
which is easier to keep track of.
2022-05-26 12:55:10 -07:00

47 lines
1.6 KiB
Text
Raw Blame History

##! Common adjustments for any kind of Zeek node when we run the Management
##! framework.
@load base/misc/installation
@load base/utils/paths
@load ./config
# For testing, keep persistent state local to the current working directory,
# and disable log rotation.
@if ( getenv("ZEEK_MANAGEMENT_TESTING") != "" )
redef Management::spool_dir = ".";
redef Management::state_dir = ".";
redef Log::default_rotation_interval = 0 secs;
@else
# For any kind of Zeek process we steer rotated logs awaiting archival into a
# queue directory in the spool. The name "log-queue" matches logger nodes' default
# config with the Supervisor; see base/frameworks/cluster/nodes/logger.zeek.
redef Log::default_rotation_dir = build_path(Management::get_spool_dir(), "log-queue");
@if ( getenv("ZEEK_MANAGEMENT_NODE") != "" )
# Management agents and controllers don't have loggers, nor their configuration,
# so establish a similar one here:
function archiver_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationPath
{
local open_str = strftime(Log::default_rotation_date_format, ri$open);
local close_str = strftime(Log::default_rotation_date_format, ri$close);
local base = fmt("%s__%s__%s__", ri$path, open_str, close_str);
local rval = Log::RotationPath($file_basename=base);
return rval;
}
redef Log::default_rotation_interval = 1 hrs;
redef Log::enable_local_logging = T;
redef Log::enable_remote_logging = T;
redef Log::rotation_format_func = archiver_rotation_format_func;
redef LogAscii::enable_leftover_log_rotation = T;
@endif # ZEEK_MANAGEMENT_NODE
@endif # ZEEK_MANAGEMENT_TESTING
Reference in a new issue View git blame Copy permalink