Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

log/eve: Threaded filename change: eve.N.json #5461

Closed
wants to merge 4 commits into from
Closed

log/eve: Threaded filename change: eve.N.json #5461

wants to merge 4 commits into from

Conversation

jlucovsky
Copy link
Contributor

Continuation of #5454

This commit changes the name of the file used with threaded eve logging
to better support log rotation

Instead of using "eve.json.N" and creating potential issues with log
rotation (which also uses a ".N" suffix), the eve logs will be named
"eve.N.json" when threaded.

Describe changes:

  • Remove extra SCLogNotice calls

PRScript output (if applicable):

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

@jlucovsky
path: SCBasename - function to return basename
941ce6d 
This commit returns the basename of a file, if it exists
in the same way that `basename(1)` works.
@jlucovsky
log/eve: Threaded filename change: eve.N.json
02587d3 
This commit changes the name of the file used with threaded eve logging
to better support log rotation

Instead of using "eve.json.N" and creating potential issues with log
rotation (which also uses a ".N" suffix), the eve logs will be named
"eve.N.json" when threaded.
@jlucovsky
output/json: Update threaded filename example
3a82778
@jlucovsky
doc/eve: Update threaded filename examples
fab601a
@jlucovsky jlucovsky requested review from norg and a team as code owners October 3, 2020 12:22
@jlucovsky jlucovsky mentioned this pull request Oct 3, 2020
Closed
victorjulien
victorjulien reviewed Oct 3, 2020
View reviewed changes
src/util-logopenfile.c
snprintf(fname, sizeof(fname), "%s.%d", log_path, SC_ATOMIC_ADD(eve_file_suffix, 1));
if (!LogFileThreadedName(log_path, fname, sizeof(fname), SC_ATOMIC_ADD(eve_file_id, 1))) {
SCLogError(SC_ERR_MEM_ALLOC, "Unable to create threaded filename for log");
return false;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thread is leaked here. Should this be a goto error?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes -- good catch; thanks.

@jlucovsky jlucovsky mentioned this pull request Oct 4, 2020
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #5463

@jlucovsky jlucovsky closed this Oct 4, 2020
@victorjulien victorjulien mentioned this pull request Oct 5, 2020
Closed
@jlucovsky jlucovsky deleted the filename/6 branch October 5, 2020 12:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jlucovsky @victorjulien