mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 07:38:19 +00:00
bbb0b855a2
* topic/robin/rotation-pp: Adding a default_path_func that makes the default naming scheme script-level controlled. Reworking logging's postprocessor logic. Conflicts: scripts/base/frameworks/logging/main.bro testing/btest/policy/frameworks/logging/rotate-custom.bro
31 lines
767 B
Text
31 lines
767 B
Text
#
|
|
# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT 2>&1 | grep "test" >out
|
|
# @TEST-EXEC: for i in test.*.log; do printf '> %s\n' $i; cat $i; done >>out
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
module Test;
|
|
|
|
export {
|
|
# Create a new ID for our log stream
|
|
redef enum Log::ID += { Test };
|
|
|
|
# Define a record with all the columns the log file can have.
|
|
# (I'm using a subset of fields from ssh-ext for demonstration.)
|
|
type Log: record {
|
|
t: time;
|
|
id: conn_id; # Will be rolled out into individual columns.
|
|
} &log;
|
|
}
|
|
|
|
redef Log::default_rotation_interval = 1hr;
|
|
redef Log::default_rotation_postprocessor_cmd = "echo";
|
|
|
|
event bro_init()
|
|
{
|
|
Log::create_stream(Test, [$columns=Log]);
|
|
}
|
|
|
|
event new_connection(c: connection)
|
|
{
|
|
Log::write(Test, [$t=network_time(), $id=c$id]);
|
|
}
|