# Start a cluster with 5 loggers and a very small rotation interval of 3 seconds. Run it for a few seconds and ensure the logs/ directory contains files for each individual logger. # # @TEST-EXEC: bash %INPUT # @TEST-EXEC: btest-diff unique_loggers.out # @TEST-EXEC: btest-diff log_suffix_files.out # @TEST-SERIALIZE: listen . zeekctl-test-setup cp $TEST_BASE/rotation/much-logging.zeek $ZEEKCTL_INSTALL_PREFIX/share/zeek/site/ echo "@load ./much-logging" >> $ZEEKCTL_INSTALL_PREFIX/share/zeek/site/local.zeek echo "LogRotationInterval=3" >> $ZEEKCTL_INSTALL_PREFIX/etc/zeekctl.cfg installfile etc/node.cfg__five_loggers zeekctl check >&2 zeekctl install >&2 # No workers: They fail listening on interfaces (eth0 does not exist, or permissions). zeekctl start loggers manager proxies >&2 set -eu # With 5 loggers and a rotation interval of 3, there should be 10 much-logging # files after some 6 seconds. Give it 20 seconds for wiggle room and slow CI # systems to find them. expected_logs=10 force_stop_time=$(date -d '+20seconds' +%s) good=0 while [ "$(date +%s)" -le "$force_stop_time" ]; do the_logs=$(find $ZEEKCTL_INSTALL_PREFIX/logs/ -regex '.*/much-logging\..*\.log\.gz') count=$(echo "$the_logs" | wc -l) if [ "$count" -ge "$expected_logs" ]; then good=1 break fi sleep 1 done if [ "$good" -eq 0 ]; then echo "Did not find enough much-logging logs: Only have ${count}" >&2 exit 1 fi # Grab the unique logger names from log files named as follows and put # into a file for baselining. # # test.215416/logs/2023-04-18/much-logging.09:18:06-09:18:06-logger-4.log.gz # echo "$the_logs" | sed -E 's/.*-(logger-.*)\.log\.gz/\1/g' | sort -u > unique_loggers.out # Ensure the logger's spool directories contain a .log_suffix file with # the Cluster::node name as content. `ls -d` for sort guarantees. for logger_dir in $(ls -d $ZEEKCTL_INSTALL_PREFIX/spool/logger-*); do f=$logger_dir/.log_suffix echo "Contents of $(basename $logger_dir)/.log_suffix: $(cat $f)" >> log_suffix_files.out 2>&1 done set +eu