Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base/frameworks/cluster/nodes/logger.zeek
Jon Siwek a06ef66edc Add Log::rotation_format_func and Log::default_rotation_dir options 
These may be redefined to customize log rotation path prefixes,
including use of a directory.  File extensions are still up to
individual log writers to add themselves during the actual rotation.

These new also allow for some simplication to the default
ASCII postprocessor function: it eliminates the need for it doing an
extra/awkward rename() operation that only changes the timestamp format.

This also teaches the supervisor framework to use these new options
to rotate ascii logs into a log-queue/ directory with a specific
file name format (intended for an external archiver process to
monitor separately).
2020-07-07 18:42:37 -07:00

45 lines
1.4 KiB
Text
Raw Blame History

##! This is the core Zeek script to support the notion of a cluster logger.
##!
##! The logger is passive (other Zeek instances connect to us), and once
##! connected the logger receives logs from other Zeek instances.
##! This script will be automatically loaded if necessary based on the
##! type of node being started.
##! This is where the cluster logger sets it's specific settings for other
##! frameworks and in the core.
@prefixes += cluster-logger
## Turn on local logging.
redef Log::enable_local_logging = T;
## Turn off remote logging since this is the logger and should only log here.
redef Log::enable_remote_logging = F;
## Log rotation interval.
redef Log::default_rotation_interval = 1 hrs;
## Alarm summary mail interval.
redef Log::default_mail_alarms_interval = 24 hrs;
@if ( Supervisor::is_supervised() )
redef Log::default_rotation_dir = "log-queue";
function supervisor_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationPath
{
local open_str = strftime(Log::default_rotation_date_format, ri$open);
local close_str = strftime(Log::default_rotation_date_format, ri$open);
local prefix = fmt("%s__%s__%s__", ri$path, open_str, close_str);
local rval = Log::RotationPath($file_prefix=prefix);
return rval;
}
redef Log::rotation_format_func = supervisor_rotation_format_func;
@else
## Use the cluster's archive logging script.
redef Log::default_rotation_postprocessor_cmd = "archive-log";
@endif
Reference in a new issue View git blame Copy permalink