Add a rotation flag to LogFileCtx which loggers can use to register

for log rotation.  Have the LogFileCtx handle the log rotation.

diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
index 743e24c9ea6de5fec04d7539ebb76fbb8e900fdc..86e61db7ccf1962808b4008ece050c8002963a1c 100644 (file)
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@@ -75,6 +75,12 @@ err:
 
 static int SCLogFileWrite(const char *buffer, int buffer_len, LogFileCtx *log_ctx)
 {
+    /* Check for rotation. */
+    if (log_ctx->rotation_flag) {
+        log_ctx->rotation_flag = 0;
+        SCConfLogReopen(log_ctx);
+    }
+
     int ret = fwrite(buffer, buffer_len, 1, log_ctx->fp);
     fflush(log_ctx->fp);
 
@@ -193,6 +199,13 @@ SCConfLogOpenGeneric(ConfNode *conf,
         log_ctx->fp = SCLogOpenFileFp(log_path, append);
         if (log_ctx->fp == NULL)
             return -1; // Error already logged by Open...Fp routine
+        log_ctx->is_regular = 1;
+        log_ctx->filename = SCStrdup(log_path);
+        if (unlikely(log_ctx->filename == NULL)) {
+            SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate memory for "
+                "filename");
+            return -1;
+        }
     } else if (strcasecmp(filetype, "pcie") == 0) {
         log_ctx->pcie_fp = SCLogOpenPcieFp(log_ctx, log_path, append);
         if (log_ctx->pcie_fp == NULL)
@@ -211,6 +224,38 @@ SCConfLogOpenGeneric(ConfNode *conf,
     return 0;
 }
 
+/**
+ * \brief Reopen a regular log file with the side-affect of truncating it.
+ *
+ * This is useful to clear the log file and start a new one, or to
+ * re-open the file after its been moved by something external
+ * (eg. logrotate).
+ */
+int SCConfLogReopen(LogFileCtx *log_ctx)
+{
+    if (!log_ctx->is_regular) {
+        /* Not supported and not needed on non-regular files. */
+        return 0;
+    }
+
+    if (log_ctx->filename == NULL) {
+        SCLogWarning(SC_ERR_INVALID_ARGUMENT,
+            "Can't re-open LogFileCtx without a filename.");
+        return -1;
+    }
+
+    fclose(log_ctx->fp);
+
+    /* Reopen the file.  In this case do not append like may have been
+     * done on the initial opening of the file. */
+    log_ctx->fp = SCLogOpenFileFp(log_ctx->filename, "no");
+    if (log_ctx->fp == NULL) {
+        return -1; // Already logged by Open..Fp routine.
+    }
+
+    return 0;
+}
+
 /** \brief LogFileNewCtx() Get a new LogFileCtx
  *  \retval LogFileCtx * pointer if succesful, NULL if error
  *  */

diff --git a/src/util-logopenfile.h b/src/util-logopenfile.h
index ef15736fab2066ddcd6b42a1f8280bb1d6d1c735..65d179a6f77595641da6db0c67ba213445b3ee1d 100644 (file)
--- a/src/util-logopenfile.h
+++ b/src/util-logopenfile.h
@@ -61,6 +61,13 @@ typedef struct LogFileCtx_ {
     uint64_t alerts;
     /* flag to avoid multiple threads printing the same stats */
     uint8_t flags;
+
+    /* Flag if file is a regular file or not.  Only regular files
+     * allow for rotataion. */
+    uint8_t is_regular;
+
+    /* Flag set when file rotation notification is received. */
+    int rotation_flag;
 } LogFileCtx;
 
 /* flags for LogFileCtx */
@@ -71,5 +78,6 @@ LogFileCtx *LogFileNewCtx(void);
 int LogFileFreeCtx(LogFileCtx *);
 
 int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *, const char *);
+int SCConfLogReopen(LogFileCtx *);
 
 #endif /* __UTIL_LOGOPENFILE_H__ */