pk/zeek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zeek/auxil/zeekctl/testing/helper/archive-log-compresscmd.test
Patrick Kelley 8fd444092b initial
2025-05-07 15:35:15 -04:00

72 lines
2.1 KiB
Plaintext
Raw Permalink Blame History

# Test that the archive-log script archives and compresses a specified
# log file (including a connection summary report) according to the
# CompressCmd and CompressExtension zeekctl options.
#
# @TEST-EXEC: bash %INPUT
. zeekctl-test-setup
while read line; do installfile $line; done << EOF
bin/compress__test --new
EOF
cat >> $ZEEKCTL_INSTALL_PREFIX/etc/zeekctl.cfg << EOF
compresscmd=@PREFIX@/bin/compress -i
compressextension=zeekctlcompress
sendmail=
EOF
replaceprefix etc/zeekctl.cfg
archivelog=$ZEEKCTL_INSTALL_PREFIX/share/zeekctl/scripts/archive-log
logdir=$ZEEKCTL_INSTALL_PREFIX/logs/2013-12-30
connlog=${logdir}/conn.22:24:20-22:30:00.log.zeekctlcompress
testlog=${logdir}/zeekctltest.22:24:20-22:30:00.log.zeekctlcompress
connsummarylog=${logdir}/conn-summary.22:24:20-22:30:00.log.zeekctlcompress
origconnlog=conn.2013-12-30-22-24-20.log
origtestlog=zeekctltest.2013-12-30-22-24-20.log
zeekctl install
# Create Zeek's working directory, chdir to that dir, and create rotated logs
mkdir $ZEEKCTL_INSTALL_PREFIX/spool/zeek
cd $ZEEKCTL_INSTALL_PREFIX/spool/zeek
cat > ${origconnlog} << _EOF_
# This is a ZEEKCTL TEST
_EOF_
cat > ${origtestlog} << _EOF_
# This is a ZEEKCTL TEST
_EOF_
###############################################
# Test archive-log for the conn.log file
${archivelog} ${origconnlog} conn 13-12-30_22.24.20 13-12-30_22.30.00 0 ascii
# verify that the logs were archived
test ! -f ${origconnlog}
test -f ${connlog}
test -f ${connsummarylog}
# verify that the logs were compressed according to the zeekctl options
grep -q "compressed" ${connlog}
grep -q "compress option" ${connlog}
grep -q ">== Total ===" ${connsummarylog}
grep -q "compress option" ${connsummarylog}
###############################################
# Test archive-log for a different log file
# verify that the zeekctltest.log was not archived yet
test ! -f ${testlog}
${archivelog} ${origtestlog} zeekctltest 13-12-30_22.24.20 13-12-30_22.30.00 0 ascii
# verify that zeekctltest.log was archived
test ! -f ${origtestlog}
test -f ${testlog}
# verify that zeekctltest.log was compressed according to the zeekctl options
grep -q "compressed" ${testlog}
grep -q "compress option" ${testlog}
Reference in New Issue View Git Blame Copy Permalink