mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 10:38:20 +00:00
68062e87f1
This pretty much follows the proposal on the projects page.
It includes:
- A new LogMgr, maintaining the set of writers.
- The abstract LogWriter API.
- An initial implementation in the form of LogWriterAscii
producing tab-separated columns.
Note that things are only partially working right now, things are
subject to change, and it's all not much tested at all. That's why I'm
creating separate branch for now.
Example:
bro -B logging test-logging && cat debug.log
1298063168.409852/1298063168.410368 [logging] Created new logging stream 'SSH::LOG_SSH'
1298063168.409852/1298063168.410547 [logging] Created new filter 'default' for stream 'SSH::LOG_SSH'
1298063168.409852/1298063168.410564 [logging] writer : Ascii
1298063168.409852/1298063168.410574 [logging] path : ssh_log_ssh
1298063168.409852/1298063168.410584 [logging] path_func : not set
1298063168.409852/1298063168.410594 [logging] event : not set
1298063168.409852/1298063168.410604 [logging] pred : not set
1298063168.409852/1298063168.410614 [logging] field t: time
1298063168.409852/1298063168.410625 [logging] field id.orig_h: addr
1298063168.409852/1298063168.410635 [logging] field id.orig_p: port
1298063168.409852/1298063168.410645 [logging] field id.resp_h: addr
1298063168.409852/1298063168.410655 [logging] field id.resp_p: port
1298063168.409852/1298063168.410665 [logging] field status: string
1298063168.409852/1298063168.410675 [logging] field country: string
1298063168.409852/1298063168.410817 [logging] Wrote record to filter 'default' on stream 'SSH::LOG_SSH'
1298063168.409852/1298063168.410865 [logging] Wrote record to filter 'default' on stream 'SSH::LOG_SSH'
1298063168.409852/1298063168.410906 [logging] Wrote record to filter 'default' on stream 'SSH::LOG_SSH'
1298063168.409852/1298063168.410945 [logging] Wrote record to filter 'default' on stream 'SSH::LOG_SSH'
1298063168.409852/1298063168.411044 [logging] Wrote record to filter 'default' on stream 'SSH::LOG_SSH
> cat ssh_log_ssh.log
1298063168.40985 1.2.3.4 66770 2.3.4.5 65616 success unknown
1298063168.40985 1.2.3.4 66770 2.3.4.5 65616 failure US
1298063168.40985 1.2.3.4 66770 2.3.4.5 65616 failure UK
1298063168.40985 1.2.3.4 66770 2.3.4.5 65616 success BR
1298063168.40985 1.2.3.4 66770 2.3.4.5 65616 failure MX
89 lines
2.2 KiB
C++
89 lines
2.2 KiB
C++
// $Id: DebugLogger.h 4771 2007-08-11 05:50:24Z vern $
|
|
//
|
|
// A logger for (selective) debugging output. Only compiled in if DEBUG is
|
|
// defined.
|
|
|
|
#ifndef debug_logger_h
|
|
#define debug_logger_h
|
|
|
|
#ifdef DEBUG
|
|
|
|
#include <stdio.h>
|
|
|
|
// To add a new debugging stream, add a constant here as well as
|
|
// an entry to DebugLogger::streams in DebugLogger.cc.
|
|
|
|
enum DebugStream {
|
|
DBG_SERIAL, // Serialization
|
|
DBG_RULES, // Signature matching
|
|
DBG_COMM, // Remote communication
|
|
DBG_STATE, // StateAccess logging
|
|
DBG_CHUNKEDIO, // ChunkedIO logging
|
|
DBG_COMPRESSOR, // Connection compressor
|
|
DBG_STRING, // String code
|
|
DBG_NOTIFIERS, // Notifiers (see StateAccess.h)
|
|
DBG_MAINLOOP, // Main IOSource loop
|
|
DBG_DPD, // Dynamic application detection framework
|
|
DBG_TM, // Time-machine packet input via Brocolli
|
|
DBG_LOGGING, // Logging streams
|
|
|
|
NUM_DBGS // Has to be last
|
|
};
|
|
|
|
#define DBG_LOG(args...) debug_logger.Log(args)
|
|
#define DBG_LOG_VERBOSE(args...) \
|
|
if ( debug_logger.IsVerbose() ) \
|
|
debug_logger.Log(args)
|
|
#define DBG_PUSH(stream) debug_logger.PushIndent(stream)
|
|
#define DBG_POP(stream) debug_logger.PopIndent(stream)
|
|
|
|
class DebugLogger {
|
|
public:
|
|
// Output goes to stderr per default.
|
|
DebugLogger(const char* filename = 0);
|
|
~DebugLogger();
|
|
|
|
void Log(DebugStream stream, const char* fmt, ...);
|
|
|
|
void PushIndent(DebugStream stream)
|
|
{ ++streams[int(stream)].indent; }
|
|
void PopIndent(DebugStream stream)
|
|
{ --streams[int(stream)].indent; }
|
|
|
|
void EnableStream(DebugStream stream)
|
|
{ streams[int(stream)].enabled = true; }
|
|
void DisableStream(DebugStream stream)
|
|
{ streams[int(stream)].enabled = false; }
|
|
|
|
// Takes comma-seperated list of stream prefixes.
|
|
void EnableStreams(const char* streams);
|
|
|
|
bool IsEnabled(DebugStream stream) const
|
|
{ return streams[int(stream)].enabled; }
|
|
|
|
void SetVerbose(bool arg_verbose) { verbose = arg_verbose; }
|
|
bool IsVerbose() const { return verbose; }
|
|
|
|
private:
|
|
FILE* file;
|
|
bool verbose;
|
|
|
|
struct Stream {
|
|
const char* prefix;
|
|
int indent;
|
|
bool enabled;
|
|
};
|
|
|
|
static Stream streams[NUM_DBGS];
|
|
};
|
|
|
|
extern DebugLogger debug_logger;
|
|
|
|
#else
|
|
#define DBG_LOG(args...)
|
|
#define DBG_LOG_VERBOSE(args...)
|
|
#define DBG_PUSH(stream)
|
|
#define DBG_POP(stream)
|
|
#endif
|
|
|
|
#endif
|