42 lines
1.2 KiB
Plaintext
42 lines
1.2 KiB
Plaintext
# Test that the zeekctl cron command does not expire entries in the stats.log
|
|
# file by default. Also test that zeekctl cron expires entries in the stats.log
|
|
# file when the statslogexpireinterval option is set to a non-zero value.
|
|
#
|
|
# @TEST-EXEC: bash %INPUT
|
|
|
|
. zeekctl-test-setup
|
|
|
|
while read line; do installfile $line; done << EOF
|
|
etc/zeekctl.cfg__no_email
|
|
EOF
|
|
|
|
testlogdir=$ZEEKCTL_INSTALL_PREFIX/logs/stats
|
|
teststatslog=$testlogdir/stats.log
|
|
zeekctl install
|
|
|
|
# Create a stats.log file with an old entry and a recent entry
|
|
now=`date +%s`
|
|
yesterday=$(( now - 86400 ))
|
|
mkdir -p ${testlogdir}
|
|
echo "${yesterday}.00 zeek action old" >> ${teststatslog}
|
|
echo "${now}.00 zeek action new" >> ${teststatslog}
|
|
|
|
# Verify that stats.log expire is off by default
|
|
zeekctl config | sed 's/ //g' > tmp
|
|
grep -q statslogexpireinterval=0 tmp
|
|
|
|
zeekctl cron
|
|
|
|
# Verify that zeekctl cron did not remove any log entries
|
|
grep -q "action old" ${teststatslog}
|
|
|
|
# Update the configuration by changing the "statslogexpireinterval" option
|
|
echo "statslogexpireinterval=1" >> $ZEEKCTL_INSTALL_PREFIX/etc/zeekctl.cfg
|
|
zeekctl install
|
|
|
|
zeekctl cron
|
|
|
|
# Verify that zeekctl cron removed the old log entry (and not the recent one)
|
|
! grep -q "action old" ${teststatslog}
|
|
grep -q "action new" ${teststatslog}
|