Add a rotation flag to LogFileCtx which loggers can use to register

for log rotation. Have the LogFileCtx handle the log rotation.
12 years ago · c1b6894ce3
parent 698a0f7f48
commit c1b6894ce3
2 changed files with 53 additions and 0 deletions
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@ -75,6 +75,12 @@ err:

 static int SCLogFileWrite(const char *buffer, int buffer_len, LogFileCtx *log_ctx)
 {
+    /* Check for rotation. */
+    if (log_ctx->rotation_flag) {
+        log_ctx->rotation_flag = 0;
+        SCConfLogReopen(log_ctx);
+    }
+
    int ret = fwrite(buffer, buffer_len, 1, log_ctx->fp);
    fflush(log_ctx->fp);

@ -193,6 +199,13 @@ SCConfLogOpenGeneric(ConfNode *conf,
        log_ctx->fp = SCLogOpenFileFp(log_path, append);
        if (log_ctx->fp == NULL)
            return -1; // Error already logged by Open...Fp routine
+        log_ctx->is_regular = 1;
+        log_ctx->filename = SCStrdup(log_path);
+        if (unlikely(log_ctx->filename == NULL)) {
+            SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate memory for "
+                "filename");
+            return -1;
+        }
    } else if (strcasecmp(filetype, "pcie") == 0) {
        log_ctx->pcie_fp = SCLogOpenPcieFp(log_ctx, log_path, append);
        if (log_ctx->pcie_fp == NULL)
@ -211,6 +224,38 @@ SCConfLogOpenGeneric(ConfNode *conf,
    return 0;
 }

+/**
+ * \brief Reopen a regular log file with the side-affect of truncating it.
+ *
+ * This is useful to clear the log file and start a new one, or to
+ * re-open the file after its been moved by something external
+ * (eg. logrotate).
+ */
+int SCConfLogReopen(LogFileCtx *log_ctx)
+{
+    if (!log_ctx->is_regular) {
+        /* Not supported and not needed on non-regular files. */
+        return 0;
+    }
+
+    if (log_ctx->filename == NULL) {
+        SCLogWarning(SC_ERR_INVALID_ARGUMENT,
+            "Can't re-open LogFileCtx without a filename.");
+        return -1;
+    }
+
+    fclose(log_ctx->fp);
+
+    /* Reopen the file.  In this case do not append like may have been
+     * done on the initial opening of the file. */
+    log_ctx->fp = SCLogOpenFileFp(log_ctx->filename, "no");
+    if (log_ctx->fp == NULL) {
+        return -1; // Already logged by Open..Fp routine.
+    }
+
+    return 0;
+}
+
 /** \brief LogFileNewCtx() Get a new LogFileCtx
 *  \retval LogFileCtx * pointer if succesful, NULL if error
 *  */
--- a/src/util-logopenfile.h
+++ b/src/util-logopenfile.h
@ -61,6 +61,13 @@ typedef struct LogFileCtx_ {
    uint64_t alerts;
    /* flag to avoid multiple threads printing the same stats */
    uint8_t flags;
+
+    /* Flag if file is a regular file or not.  Only regular files
+     * allow for rotataion. */
+    uint8_t is_regular;
+
+    /* Flag set when file rotation notification is received. */
+    int rotation_flag;
 } LogFileCtx;

 /* flags for LogFileCtx */
@ -71,5 +78,6 @@ LogFileCtx *LogFileNewCtx(void);
 int LogFileFreeCtx(LogFileCtx *);

 int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *, const char *);
+int SCConfLogReopen(LogFileCtx *);

 #endif /* __UTIL_LOGOPENFILE_H__ */