From 0d86263efdae0ade81d03f841965a5285bb3e9e1 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 24 Jan 2019 11:40:39 +0100 Subject: [PATCH] eve.stats: make decoder event prefix configurable --- src/counters.c | 12 ++++++++++++ src/decode.c | 6 ++++-- src/util-error.c | 1 + src/util-error.h | 1 + suricata.yaml.in | 3 +++ 5 files changed, 21 insertions(+), 2 deletions(-) diff --git a/src/counters.c b/src/counters.c index b1595884da..402960b195 100644 --- a/src/counters.c +++ b/src/counters.c @@ -100,6 +100,7 @@ static char stats_enabled = TRUE; /**< add decoder events as stats? enabled by default */ bool stats_decoder_events = true; +const char *stats_decoder_events_prefix = "decoder"; /**< add stream events as stats? disabled by default */ bool stats_stream_events = false; @@ -252,6 +253,17 @@ static void StatsInitCtx(void) if (ret) { stats_stream_events = (b == 1); } + + const char *prefix = NULL; + if (ConfGet("stats.decoder-events-prefix", &prefix) != 1) { + prefix = "decoder"; + SCLogWarning(SC_WARN_DEFAULT_WILL_CHANGE, "in 5.0 the default " + "for decoder event stats will go from " + "'decoder..' to 'decoder.event..'. " + "See ticket #2225. To suppress this message, " + "set stats.decoder-events-prefix in the yaml."); + } + stats_decoder_events_prefix = prefix; } if (!OutputStatsLoggersRegistered()) { diff --git a/src/decode.c b/src/decode.c index 8589086e7d..3a109b378f 100644 --- a/src/decode.c +++ b/src/decode.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2014 Open Information Security Foundation +/* Copyright (C) 2007-2019 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -68,6 +68,7 @@ #include "output-flow.h" extern bool stats_decoder_events; +const char *stats_decoder_events_prefix; extern bool stats_stream_events; int DecodeTunnel(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, 
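Review bot: In the StatsInitCtx hunk of src/counters.c the value read for `stats.decoder-events-prefix` is stored without any check, so a key that is present but empty flows straight into the `%s.%s` format in DecodeRegisterPerfCounters and yields counter names that start with a dot. If ConfGet can report success while leaving the value NULL (a key with no value), the NULL would reach `snprintf` as well; that should be confirmed against ConfGet. Treat both like the unset case: `if (ConfGet("stats.decoder-events-prefix", &prefix) != 1 || prefix == NULL || prefix[0] == '\0') {`. A length limit here would also keep the generated names inside the 256-byte `name` buffer used in src/decode.c. StatsInitCtx starts and ends outside the hunk.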
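Review bot: The new declaration `const char *stats_decoder_events_prefix;` in src/decode.c lacks the `extern` that the two neighbouring declarations carry, so it is a second, tentative definition of the object that src/counters.c already defines with an initializer. Toolchains that build with `-fno-common` reject this at link time as a duplicate symbol, and where it does link it works only because the two definitions get merged. It should read `extern const char *stats_decoder_events_prefix;`, ideally placed in a shared header so both files see the same declaration.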
@@ -501,7 +502,8 @@ void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv) char name[256]; char *dot = index(DEvents[i].event_name, '.'); BUG_ON(!dot); - snprintf(name, sizeof(name), "decoder.events.%s", dot+1); + snprintf(name, sizeof(name), "%s.%s", + stats_decoder_events_prefix, dot+1); const char *found = HashTableLookup(g_counter_table, name, 0); if (!found) { diff --git a/src/util-error.c b/src/util-error.c index 6cd3bb4468..60b04ccc82 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -357,6 +357,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_WINDIVERT_INVALID_FILTER); CASE_CODE (SC_ERR_WINDIVERT_TOOLONG_FILTER); CASE_CODE (SC_WARN_RUST_NOT_AVAILABLE); + CASE_CODE (SC_WARN_DEFAULT_WILL_CHANGE); CASE_CODE (SC_ERR_MAX); } diff --git a/src/util-error.h b/src/util-error.h index 6f0bad3257..015c5720b6 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -347,6 +347,7 @@ typedef enum { SC_ERR_WINDIVERT_INVALID_FILTER, SC_ERR_WINDIVERT_TOOLONG_FILTER, SC_WARN_RUST_NOT_AVAILABLE, + SC_WARN_DEFAULT_WILL_CHANGE, SC_ERR_MAX, } SCError; diff --git a/suricata.yaml.in b/suricata.yaml.in index 3a4f147edb..9f3b788520 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -62,6 +62,9 @@ stats: interval: 8 # Add decode events as stats. #decoder-events: true + # Decoder event prefix in stats. Has been 'decoder' before, but that leads + # to missing events in the eve.stats records. See issue #2225. + decoder-events-prefix: "decoder.event" # Add stream events as stats. #stream-events: false
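Review bot: The `snprintf` result in DecodeRegisterPerfCounters is ignored, and now that the prefix comes from the configuration a long value can truncate `name` at 256 bytes, so different events may end up with the same truncated counter name in the `g_counter_table` lookup that follows. Capture the result with `int r = snprintf(name, sizeof(name), "%s.%s", stats_decoder_events_prefix, dot+1);` and handle `if (r < 0 || (size_t)r >= sizeof(name))` by logging and skipping the event, or bound the prefix length where it is read. Separately, the removed line used the literal `decoder.events.` while the fallback in src/counters.c is `decoder`; if that is what ships, counter names change for setups that leave the option unset, which should be checked against the wording of the new warning. The function body continues outside the hunk.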
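Review bot: The new comment in suricata.yaml.in does not say what happens when the key is absent, although the code in src/counters.c falls back to `decoder` and logs a warning in that case. It also leaves out that changing the prefix renames every decoder event counter in the stats output, which matters to anyone alerting or graphing on the old names. I would extend it with a line such as `# If unset, 'decoder' is used and a warning is logged. Changing this renames the decoder event counters in the stats output.`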