65 lines
2.4 KiB
Bash
Executable File
65 lines
2.4 KiB
Bash
Executable File
#! /usr/bin/env bash
|
|
#
|
|
# Returns a path where a log file will be archived. This script is called
|
|
# once for each log file being archived. Usage is:
|
|
#
|
|
# make-archive-name <origname> <writer> <timestamp-when-opened> [<timestamp-when-closed>]
|
|
#
|
|
# Example:
|
|
# make-archive-name conn.log ascii 2015-01-20-15-48-23 2015-01-20-16-00-00
|
|
#
|
|
# Example output:
|
|
# 2015-01-20/conn.15:48:23-16:00:00.log
|
|
#
|
|
# origname: The original name of the log file being archived (e.g. conn.log).
|
|
# writer: The name of the log writer type that produced the file.
|
|
# timestamp-when-opened: The timestamp when the log file being archived was
|
|
# created.
|
|
# timestamp-when-closed: The timestamp when the log file being archived was
|
|
# finished. Optional. If not given, the path is used
|
|
# by another script to create a link to the current
|
|
# live version of the file.
|
|
#
|
|
# Additionally, the following environment variables are passed:
|
|
#
|
|
# ZEEK_ARG_LOG_SUFFIX: A suffix to append to the final archive name to avoid
|
|
# filename clashes when running with multiple loggers.
|
|
# This is populated with the name of the logger node,
|
|
# e.g. logger-1, as specified in cluster-layout.zeek
|
|
# only when multiple loggers are configured in node.cfg.
|
|
#
|
|
# The writer is derived from the WRITER_* constants and lower-cased; e.g.,
|
|
# "ascii" for Log::WRITER_ASCII.
|
|
#
|
|
# Times are given in the form "year-month-day-hour-minute-second",
|
|
# e.g., "2010-03-30-13-12-04"
|
|
#
|
|
# The script must return the path under which the file should be
|
|
# archived. A relative path will be interpreted as
|
|
# relative to ZeekControl's standard log directory.
|
|
#
|
|
# Note that even if the logs will later be compressed, this script should
|
|
# always return the filename without any compression extension (such as ".gz");
|
|
# that extension will be appended later.
|
|
|
|
ext=`echo $1 | sed 's/^.*\.//'`
|
|
name=`basename $1 .$ext`
|
|
writer=$2
|
|
opened=$3
|
|
closed=$4
|
|
|
|
day=`echo $opened | awk -F - '{printf "%s-%s-%s", $1, $2, $3}'`
|
|
from=`echo $opened | awk -F - '{printf "%s:%s:%s", $4, $5, $6}'`
|
|
to=`echo $closed | awk -F - '{printf "%s:%s:%s", $4, $5, $6}'`
|
|
|
|
suffix=""
|
|
if [ -n "${ZEEK_ARG_LOG_SUFFIX}" ]; then
|
|
suffix="-${ZEEK_ARG_LOG_SUFFIX}"
|
|
fi
|
|
|
|
if [ -n "$closed" ]; then
|
|
echo $day/$name.$from-$to$suffix.$ext
|
|
else
|
|
echo $day/$name.$from-current$suffix.$ext
|
|
fi
|