zeek/auxil/zeekctl/testing/helper/archive-log-logdir.test
Patrick Kelley 8fd444092b initial
2025-05-07 15:35:15 -04:00


# Test that the archive-log script archives and compresses a specified log
# file (including a connection summary report) when a custom log directory
# is specified with the "LogDir" option.
#
# @TEST-EXEC: bash %INPUT
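# Load the zeekctl test harness. The helpers used below (installfile,
# replaceprefix) and ZEEKCTL_INSTALL_PREFIX are not defined in this file;
# presumably the harness provides them -- confirm against zeekctl-test-setup.
. zeekctl-test-setup

# Install the fixtures listed in the here-document, one entry per line.
# $line is left unquoted on purpose: "bin/sendmail__test --new" has to split
# into a file name plus an option for installfile.
while read -r line; do
  # shellcheck disable=SC2086
  installfile $line
done << EOF
etc/zeekctl.cfg__test_sendmail
bin/sendmail__test --new
EOF

replaceprefix etc/zeekctl.cfg

# Point zeekctl at a non-default log directory through the LogDir option.
echo "LogDir=$ZEEKCTL_INSTALL_PREFIX/mylogs" >> "$ZEEKCTL_INSTALL_PREFIX/etc/zeekctl.cfg"

# Script under test, and the archive paths it is expected to produce.
archivelog="$ZEEKCTL_INSTALL_PREFIX/share/zeekctl/scripts/archive-log"
logdir="$ZEEKCTL_INSTALL_PREFIX/mylogs/2013-12-30"
connlog="${logdir}/conn.22:24:20-22:30:00.log.gz"
testlog="${logdir}/zeekctltest.22:24:20-22:30:00.log.gz"
connsummarylog="${logdir}/conn-summary.22:24:20-22:30:00.log.gz"

# Names of the rotated (not yet archived) logs created below.
origconnlog=conn.2013-12-30-22-24-20.log
origtestlog=zeekctltest.2013-12-30-22-24-20.log

# Create the custom log dir (zeekctl does not do this)
mkdir "$ZEEKCTL_INSTALL_PREFIX/mylogs"

zeekctl install

# Create Zeek's working directory, chdir to that dir, and create rotated logs.
# Stop if the chdir fails, so the fixtures are never written (and later
# checked) in whatever directory the test happened to start in.
mkdir "$ZEEKCTL_INSTALL_PREFIX/spool/zeek"
cd "$ZEEKCTL_INSTALL_PREFIX/spool/zeek" || exit 1

# The marker text "This is a test" is what the later compression checks
# search for inside the archived files.
cat > "${origconnlog}" << _EOF_
# This is a test conn.log
_EOF_

cat > "${origtestlog}" << _EOF_
# This is a test zeekctltest.log
_EOF_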
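###############################################
# Test archive-log for the conn.log file
#
# The two timestamps passed here line up with the 2013-12-30 directory and
# the 22:24:20-22:30:00 archive names set up at the top of this test.
# NOTE(review): the exit status of archive-log itself is not checked here;
# only its effects on the file system are.
"${archivelog}" "${origconnlog}" conn 13-12-30_22.24.20 13-12-30_22.30.00 0 ascii

# verify that the logs were archived: the rotated file must be gone and both
# the archived log and its connection summary must exist. Each check exits
# explicitly instead of depending on errexit being enabled by the harness.
test ! -f "${origconnlog}" || exit 1
test -f "${connlog}" || exit 1
test -f "${connsummarylog}" || exit 1

# verify that the logs were compressed: the plain-text markers must not be
# readable in the archived files. A bare "! grep" only sets the exit status
# and is exempt from "set -e", so as a non-final command it could never fail
# the test; the explicit exit makes the check binding.
# NOTE(review): this shows the marker is absent, not that the file is a
# valid compressed archive.
if grep -q "This is a test" "${connlog}"; then
  echo "archived conn log is not compressed: ${connlog}" >&2
  exit 1
fi
if grep -q ">== Total ===" "${connsummarylog}"; then
  echo "archived conn summary is not compressed: ${connsummarylog}" >&2
  exit 1
fi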
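###############################################
# Test archive-log for a different log file

# verify that the zeekctltest.log was not archived yet (archiving conn.log
# must not have touched it)
test ! -f "${testlog}" || exit 1

# NOTE(review): the exit status of archive-log itself is not checked here;
# only its effects on the file system are.
"${archivelog}" "${origtestlog}" zeekctltest 13-12-30_22.24.20 13-12-30_22.30.00 0 ascii

# verify that zeekctltest.log was archived: the rotated file is gone and the
# archived copy exists. Each check exits explicitly instead of depending on
# errexit being enabled by the harness.
test ! -f "${origtestlog}" || exit 1
test -f "${testlog}" || exit 1

# verify that zeekctltest.log was compressed: the plain-text marker must not
# be readable in the archived file. Written as an explicit failure so the
# check stays binding even if more commands are appended after it; a bare
# "! grep" only counts when it is the last command of the script.
if grep -q "This is a test" "${testlog}"; then
  echo "archived zeekctltest log is not compressed: ${testlog}" >&2
  exit 1
fi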