transition to use zeekrunner (#23)

The script (mac/linux) or executable (windows) that runs Zeek, including creating required environment variables & command line options, is now zeekrunner or zeekrunner.exe . The command line options used to run Zeek are now in this repo instead of in the zqd source. The job object based process termination for windows is removed, as it is moved into zqd; this will make it easier to eventually replace the windows zeek runner with a script or batch file.

brim/release

@@ -41,5 +41,5 @@ mkdir -p zeek/share/zeek
 for d in base policy site; do
     cp -R /usr/local/zeek/share/zeek/$d zeek/share/zeek
 done
-cp brim/zeek zeek
+cp brim/zeekrunner zeek/zeekrunner
 zip -r zeek-$(git describe --dirty --tags).$goos-amd64.zip zeek

brim/windows/zeekrunner/.gitignore

@@ -0,0 +1 @@
+zeekrunner.exe

brim/windows/zeekrunner/go.mod

@@ -0,0 +1,3 @@
+module github.com/brimsec/zeek/brim/windows/zeekrunner
+
+go 1.13

brim/windows/zeekrunner/zeekrunner.go

@@ -0,0 +1,87 @@
+// +build windows
+
+// This tool executes zeek on windows, constructing the cygwin compatible ZEEK*
+// environment variables required.  It embeds knowledge of the locations of the
+// zeek executable and zeek script locations in the expanded 'zdeps/zeek'
+// directory inside a Brim installation.
+package main
+
+import (
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+// These paths are relative to the zdeps/zeek directory.
+var (
+	zeekExecRelPath  = "bin/zeek.exe"
+	zeekPathRelPaths = []string{
+		"share/zeek",
+		"share/zeek/policy",
+		"share/zeek/site",
+	}
+	zeekPluginRelPaths = []string{
+		"lib/zeek/plugins",
+	}
+)
+
+func cygPathEnvVar(name, topDir string, subdirs []string) string {
+	var s []string
+	for _, l := range subdirs {
+		p := filepath.Join(topDir, filepath.FromSlash(l))
+		vol := filepath.VolumeName(p)
+		cyg := "/cygdrive/" + vol[0:1] + filepath.ToSlash(p[len(vol):])
+		s = append(s, cyg)
+	}
+	val := strings.Join(s, ":")
+	return name + "=" + val
+}
+
+var ExecScript = `
+event zeek_init() {
+       Log::disable_stream(PacketFilter::LOG);
+       Log::disable_stream(LoadedScripts::LOG);
+}`
+
+func launchZeek(zdepsZeekDir, zeekExecPath string) error {
+	zeekPath := cygPathEnvVar("ZEEKPATH", zdepsZeekDir, zeekPathRelPaths)
+	zeekPlugin := cygPathEnvVar("ZEEK_PLUGIN_PATH", zdepsZeekDir, zeekPluginRelPaths)
+
+	cmd := exec.Command(zeekExecPath,  "-C", "-r", "-", "--exec", ExecScript, "local")
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.Env = append(os.Environ(), zeekPath, zeekPlugin)
+
+	return cmd.Run()
+}
+
+// zdepsZeekDirectory returns the absolute path of the zdeps/zeek directory,
+// based on the assumption that this executable is located directly in it.
+func zdepsZeekDirectory() (string, error) {
+	execFile, err := os.Executable()
+	if err != nil {
+		return "", err
+	}
+
+	return filepath.Dir(execFile), nil
+}
+
+func main() {
+	zdepsZeekDir, err := zdepsZeekDirectory()
+	if err != nil {
+		log.Fatalln("zdepsZeekDirectory failed:", err)
+	}
+
+	zeekExecPath := filepath.Join(zdepsZeekDir, filepath.FromSlash(zeekExecRelPath))
+	if _, err := os.Stat(zeekExecPath); err != nil {
+		log.Fatalln("zeek executable not found at", zeekExecPath)
+	}
+
+	err = launchZeek(zdepsZeekDir, zeekExecPath)
+	if err != nil {
+		log.Fatalln("launchZeek failed", err)
+	}
+}

brim/zeekrunner

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
+
+export ZEEKPATH=$dir/share/zeek:$dir/share/zeek/policy:$dir/share/zeek/site
+export ZEEK_PLUGIN_PATH=$dir/lib/zeek/plugins
+
+# The packet filter and loaded scripts are disabled because they emit either
+# timeless logs or logs with timestamp set to execution time rather than time
+# of capture.
+exec "$dir/bin/zeek" \
+  -C -r - \
+  --exec "event zeek_init() { Log::disable_stream(PacketFilter::LOG); Log::disable_stream(LoadedScripts::LOG); }" \
+  local