1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
# Test that the zeekctl cron command does not expire entries in the stats.log
# file by default. Also test that zeekctl cron expires entries in the stats.log
# file when the statslogexpireinterval option is set to a non-zero value.
#
# @TEST-EXEC: bash %INPUT
. zeekctl-test-setup
while read line; do installfile $line; done << EOF
etc/zeekctl.cfg__no_email
EOF
testlogdir=$ZEEKCTL_INSTALL_PREFIX/logs/stats
teststatslog=$testlogdir/stats.log
zeekctl install
# Create a stats.log file with an old entry and a recent entry
now=`date +%s`
yesterday=$(( now - 86400 ))
mkdir -p ${testlogdir}
echo "${yesterday}.00 zeek action old" >> ${teststatslog}
echo "${now}.00 zeek action new" >> ${teststatslog}
# Verify that stats.log expire is off by default
zeekctl config | sed 's/ //g' > tmp
grep -q statslogexpireinterval=0 tmp
zeekctl cron
# Verify that zeekctl cron did not remove any log entries
grep -q "action old" ${teststatslog}
# Update the configuration by changing the "statslogexpireinterval" option
echo "statslogexpireinterval=1" >> $ZEEKCTL_INSTALL_PREFIX/etc/zeekctl.cfg
zeekctl install
zeekctl cron
# Verify that zeekctl cron removed the old log entry (and not the recent one)
! grep -q "action old" ${teststatslog}
grep -q "action new" ${teststatslog}
|
