# Test that the archive-log script archives and compresses a specified log # file (including a connection summary report) when a custom log directory # is specified with the "LogDir" option. # # @TEST-EXEC: bash %INPUT . zeekctl-test-setup while read line; do installfile $line; done << EOF etc/zeekctl.cfg__test_sendmail bin/sendmail__test --new EOF replaceprefix etc/zeekctl.cfg echo "LogDir=$ZEEKCTL_INSTALL_PREFIX/mylogs" >> $ZEEKCTL_INSTALL_PREFIX/etc/zeekctl.cfg archivelog=$ZEEKCTL_INSTALL_PREFIX/share/zeekctl/scripts/archive-log logdir=$ZEEKCTL_INSTALL_PREFIX/mylogs/2013-12-30 connlog=${logdir}/conn.22:24:20-22:30:00.log.gz testlog=${logdir}/zeekctltest.22:24:20-22:30:00.log.gz connsummarylog=${logdir}/conn-summary.22:24:20-22:30:00.log.gz origconnlog=conn.2013-12-30-22-24-20.log origtestlog=zeekctltest.2013-12-30-22-24-20.log # Create the custom log dir (zeekctl does not do this) mkdir $ZEEKCTL_INSTALL_PREFIX/mylogs zeekctl install # Create Zeek's working directory, chdir to that dir, and create rotated logs mkdir $ZEEKCTL_INSTALL_PREFIX/spool/zeek cd $ZEEKCTL_INSTALL_PREFIX/spool/zeek cat > ${origconnlog} << _EOF_ # This is a test conn.log _EOF_ cat > ${origtestlog} << _EOF_ # This is a test zeekctltest.log _EOF_ ############################################### # Test archive-log for the conn.log file ${archivelog} ${origconnlog} conn 13-12-30_22.24.20 13-12-30_22.30.00 0 ascii # verify that the logs were archived test ! -f ${origconnlog} test -f ${connlog} test -f ${connsummarylog} # verify that the logs were compressed ! grep -q "This is a test" ${connlog} ! grep -q ">== Total ===" ${connsummarylog} ############################################### # Test archive-log for a different log file # verify that the zeekctltest.log was not archived yet test ! -f ${testlog} ${archivelog} ${origtestlog} zeekctltest 13-12-30_22.24.20 13-12-30_22.30.00 0 ascii # verify that zeekctltest.log was archived test ! -f ${origtestlog} test -f ${testlog} # verify that zeekctltest.log was compressed ! grep -q "This is a test" ${testlog}