mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
f73eb3b086
Turns out the finish methods weren't called correctly, caused by a
mess up with method names which all sounded too similar and the wrong
one ended up being called. I've reworked this by changing the
thread/writer/reader interfaces, which actually also simplifies them
by getting rid of the requirement for writer backends to call their
parent methods (i.e., less opportunity for errors).
This commit also includes the following (because I noticed the problem
above when working on some of these):
- The ASCII log writer now includes "#start <timestamp>" and
"#end <timestamp> lines in the each file. The latter supersedes
Bernhard's "EOF" patch.
This required a number of tests updates. The standard canonifier
removes the timestamps, but some tests compare files directly,
which doesn't work if they aren't printing out the same
timestamps (like the comm tests).
- The above required yet another change to the writer API to
network_time to methods.
- Renamed ASCII logger "header" options to "meta".
- Fixes #763 "Escape # when first character in log file line".
All btests pass for me on Linux FC15. Will try MacOS next.
48 lines
1.7 KiB
Text
48 lines
1.7 KiB
Text
##! Interface for the ASCII log writer. Redefinable options are available
|
|
##! to tweak the output format of ASCII logs.
|
|
|
|
module LogAscii;
|
|
|
|
export {
|
|
## If true, output everything to stdout rather than
|
|
## into files. This is primarily for debugging purposes.
|
|
const output_to_stdout = F &redef;
|
|
|
|
## If true, include lines with log meta information such as column names with
|
|
## types, the values of ASCII logging options that in use, and the time when the
|
|
## file was opened and closes (the latter at the end).
|
|
const include_meta = T &redef;
|
|
|
|
## Prefix for lines with meta information.
|
|
const meta_prefix = "#" &redef;
|
|
|
|
## Separator between fields.
|
|
const separator = "\t" &redef;
|
|
|
|
## Separator between set elements.
|
|
const set_separator = "," &redef;
|
|
|
|
## String to use for empty fields. This should be different from
|
|
## *unset_field* to make the output non-ambigious.
|
|
const empty_field = "(empty)" &redef;
|
|
|
|
## String to use for an unset &optional field.
|
|
const unset_field = "-" &redef;
|
|
}
|
|
|
|
# Default function to postprocess a rotated ASCII log file. It moves the rotated
|
|
# file to a new name that includes a timestamp with the opening time, and then
|
|
# runs the writer's default postprocessor command on it.
|
|
function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool
|
|
{
|
|
# Move file to name including both opening and closing time.
|
|
local dst = fmt("%s.%s.log", info$path,
|
|
strftime(Log::default_rotation_date_format, info$open));
|
|
|
|
system(fmt("/bin/mv %s %s", info$fname, dst));
|
|
|
|
# Run default postprocessor.
|
|
return Log::run_rotation_postprocessor_cmd(info, dst);
|
|
}
|
|
|
|
redef Log::default_rotation_postprocessors += { [Log::WRITER_ASCII] = default_rotation_postprocessor_func };
|