Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/frameworks/logging
History
Arne Welzel f0e67022fd logging: Introduce Log::delay() and Log::delay_finish() 
This is a verbose, opinionated and fairly restrictive version of the log delay idea.
Main drivers are explicitly, foot-gun-avoidance and implementation simplicity.

Calling the new Log::delay() function is only allowed within the execution
of a Log::log_stream_policy() hook for the currently active log write.

Conceptually, the delay is placed between the execution of the global stream
policy hook and the individual filter policy hooks. A post delay callback
can be registered with every Log::delay() invocation. Post delay callbacks
can (1) modify a log record as they see fit, (2) veto the forwarding of the
log record to the log filters and (3) extend the delay duration by calling
Log::delay() again. The last point allows to delay a record by an indefinite
amount of time, rather than a fixed maximum amount. This should be rare and
is therefore explicit.

Log::delay() increases an internal reference count and returns an opaque
token value to be passed to Log::delay_finish() to release a delay reference.
Once all references are released, the record is forwarded to all filters
attached to a stream when the delay completes.

This functionality separates Log::log_stream_policy() and individual filter
policy hooks. One consequence is that a common use-case of filter policy hooks,
removing unproductive log records, may run after a record was delayed. Users
can lift their filtering logic to the stream level (or replicate the condition
before the delay decision). The main motivation here is that deciding on a
stream-level delay in per-filter hooks is too late. Attaching multiple filters
to a stream can additionally result in hard to understand behavior.

On the flip side, filter policy hooks are guaranteed to run after the delay
and can be used for further mangling or filtering of a delayed record.
2023-11-29 11:53:11 +01:00
..
delay logging: Introduce Log::delay() and Log::delay_finish() 2023-11-29 11:53:11 +01:00
sqlite Remove @load base/frameworks/dpd from tests 2022-08-31 17:00:55 +02:00
adapt-filter.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-binary.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-double.zeek Canonifier improvements for the scripts.base.frameworks.logging.ascii-double test 2020-12-06 20:19:52 -08:00
ascii-empty.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-escape-binary.zeek Switch the TSV Zeek logs to be UTF8 by default. 2021-09-07 09:16:53 -07:00
ascii-escape-empty-str.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-escape-notset-str.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-escape-odd-url.zeek General btest cleanup 2020-08-11 11:26:22 -07:00
ascii-escape-set-separator.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-escape.zeek egrep reported as obsolete by opensuse-tumbleweed builds 2022-10-27 11:48:43 -07:00
ascii-gz-rotate.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-gz.zeek Adjust btests for OpenBSD portability 2019-11-08 17:32:44 -08:00
ascii-json-iso-timestamps.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-json-optional.zeek Add LogAscii::json_include_unset_fields flag to control unset field rendering 2021-12-08 17:29:07 -08:00
ascii-json-utf8.zeek Merge remote-tracking branch 'origin/topic/timw/cleaner-utf8' 2019-07-29 09:25:25 -07:00
ascii-json.zeek GH-606: Output nulls into json data if a field isn't set 2019-09-27 14:12:48 -07:00
ascii-line-like-comment.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-logdir.zeek Remove LogAscii::logdir (6.1 deprecation) 2023-06-14 10:07:22 -07:00
ascii-options.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-timestamps.zeek GH-1450: Improve printing/logging of large double/interval/time values 2021-04-06 19:54:02 -07:00
ascii-tsv.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
ascii-utf8-enabled-control-characters.zeek Removed Policy Script for UTF-8 Logs 2019-07-30 11:19:06 -07:00
ascii-utf8-enabled-set-separator-escape.zeek Removed Policy Script for UTF-8 Logs 2019-07-30 11:19:06 -07:00
ascii-utf8-enabled.zeek Removed Policy Script for UTF-8 Logs 2019-07-30 11:19:06 -07:00
attr-extend.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
attr.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
disable-stream.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
empty-event.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
enable-stream.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
env-ext.test General btest cleanup 2020-08-11 11:26:22 -07:00
event-groups-integration.zeek logging: Add event_groups to Stream 2022-12-09 16:59:36 +01:00
events.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
exclude.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
field-extension-cluster-error.zeek cluster: Deprecate the Cluster::Node$interface field 2023-11-07 16:06:16 +01:00
field-extension-cluster.zeek cluster: Deprecate the Cluster::Node$interface field 2023-11-07 16:06:16 +01:00
field-extension-complex.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
field-extension-include-exclude.zeek Fix type clash fatal error with log filters that use $ext_func and $include/$exclude 2020-11-10 18:13:16 -08:00
field-extension-invalid.zeek base/frameworks/spicy: Do not load base/misc/version 2023-10-24 13:15:21 +02:00
field-extension-optional.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
field-extension-table.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
field-extension.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
field-name-map.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
field-name-map2.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
file.zeek Remove deprecated open_log_file and log_file_name functions 2019-06-27 17:43:20 -07:00
hooks.zeek Tighten the scripts.base.frameworks.logging.hooks test 2023-02-01 15:12:20 -08:00
include.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
no-local.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
none-debug.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
path-func-column-demote.zeek Tighten local-nets filtering in the logging framework's path-func-column-demote test 2023-03-15 17:01:01 -07:00
path-func.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
pred.zeek Remove deprecated log filter predicates for 4.1 2021-01-27 10:52:40 -07:00
print-log-stdout.zeek Merge remote-tracking branch 'origin/topic/dev/print-to-log' 2019-12-02 13:47:09 -08:00
print-log.zeek Added a non boolean configuration and other changes as suggested by Jon 2019-11-26 21:53:21 -08:00
remove.zeek Remove unnecessary -B arguments from Zeek invocations in testsuite 2021-06-24 17:05:32 -07:00
rotate-ascii-logdir-leftover-log-rotation.zeek Remove LogAscii::logdir (6.1 deprecation) 2023-06-14 10:07:22 -07:00
rotate-custom-fmt-func-bad.zeek logging/Manager: Fix crash for rotation format function not returning 2023-04-13 09:23:51 +02:00
rotate-custom-fmt-func.zeek egrep reported as obsolete by opensuse-tumbleweed builds 2022-10-27 11:48:43 -07:00
rotate-custom.zeek egrep reported as obsolete by opensuse-tumbleweed builds 2022-10-27 11:48:43 -07:00
rotate-default-logdir-leftover-log-rotation-shadow-files.zeek logging: Introduce Log::default_logdir deprecate LogAscii::logdir and per writer logdir 2022-07-06 18:54:29 +02:00
rotate-default-logdir-leftover-log-rotation-stale-shadow-files.zeek logging: Introduce Log::default_logdir deprecate LogAscii::logdir and per writer logdir 2022-07-06 18:54:29 +02:00
rotate-default-logdir.zeek logging: Introduce Log::default_logdir deprecate LogAscii::logdir and per writer logdir 2022-07-06 18:54:29 +02:00
rotate-leftover-log-rotation-shadow-files.zeek logging/ascii: Fix .shadow paths when using LogAscii::logdir 2022-07-06 13:21:21 +02:00
rotate-pp-env.zeek logging: Support rotation_postprocessor_command_env 2023-04-17 13:10:14 +00:00
rotate-sanitize.zeek Merge remote-tracking branch 'origin/topic/robin/gh-54-sanitize' 2021-09-22 12:17:05 -07:00
rotate.zeek More bro-to-zeek renaming in the unit tests 2019-05-16 02:27:54 -05:00
scope_sep.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
scope_sep_and_field_name_map.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
stdout.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
telemetry.zeek logging: Add telemetry for streams and log writers 2023-02-27 12:51:03 +01:00
test-logging.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
types.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
unset-record.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
vec.zeek GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 2019-05-01 21:43:45 +00:00
writer-path-conflict.zeek General btest cleanup 2020-08-11 11:26:22 -07:00