"current" logs symlink does not account for mulitple loggers

[mmguero]

the quickstart guide says:

• $PREFIX/logs/
  • As the name suggests it is the default logs directory where Zeek stores the rotated logs from the current directory:
  • current
    • It is a symlink to the spool directory that is defined in the zeekctl.cfg configuration file. It contains the active log files that Zeek currently writes to when running via ZeekControl.

However, when I have multiple loggers defined in my node.cfg:

[manager]
type=manager
host=localhost

[logger-1]
type=logger
host=localhost

[logger-2]
type=logger
host=localhost

[proxy-1]
type=proxy
host=localhost

[worker-1]
type=worker
host=localhost
interface=enp0s25
lb_procs=4
lb_method=custom
af_packet_fanout_id=1
af_packet_fanout_mode=AF_Packet::FANOUT_HASH
af_packet_buffer_size=67108864

I end up with logger-1 and logger-2 directories in the spool directory, as expected. However, current is still just a symlink to logger-1. There's no access to logger-2 except through the spool directory directly.

Not sure what the right thing to do here is... current-1 and current-2, etc. symlinks? Or maybe just update the documentation.

[ckreibich]

@awelzel did you happen to notice this during your work on multiple-logger support?

[awelzel]

I didn't realize back then probably because I just don't use zeekctl like a normal users :-( But I have seen and forgotten this ticket again.

Not sure what the right thing to do here is... current-1 and current-2, etc. symlinks? Or maybe just update the documentation.

Hmm, I can see current-1 and current-2, but at the same time could also see no symlinks at all for a multi-logger setup.