aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output: plugins can log flow or packet direction

Browse Source
pull/12965/head
Philippe Antoine 10 months ago committed by Victor Julien
parent 850bd72399
commit 243d14cda2
5 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File

1
rust/sys/src/sys.rs
Unescape Escape View File

@ -123,6 +123,7 @@ pub struct SCAppLayerPlugin_ {
pub KeywordsRegister: ::std::option::Option<unsafe extern "C" fn()>, pub KeywordsRegister: ::std::option::Option<unsafe extern "C" fn()>,
pub logname: *const ::std::os::raw::c_char, pub logname: *const ::std::os::raw::c_char,
pub confname: *const ::std::os::raw::c_char, pub confname: *const ::std::os::raw::c_char,
pub dir: u8,
pub Logger: ::std::option::Option< pub Logger: ::std::option::Option<
unsafe extern "C" fn( unsafe extern "C" fn(
tx: *const ::std::os::raw::c_void, tx: *const ::std::os::raw::c_void,

13
src/output.c
Unescape Escape View File

@ -994,6 +994,15 @@ int OutputPreRegisterLogger(EveJsonTxLoggerRegistrationData reg_data)
return 0; return 0;
} }
static TxLogger JsonLoggerFromDir(uint8_t dir)
{
if (dir == LOG_DIR_PACKET) {
return JsonGenericDirPacketLogger;
}
BUG_ON(dir != LOG_DIR_FLOW);
return JsonGenericDirFlowLogger;
}
/** /**
* \brief Register all non-root logging modules. * \brief Register all non-root logging modules.
*/ */
@ -1154,8 +1163,8 @@ void OutputRegisterLoggers(void)
for (size_t i = 0; i < preregistered_loggers_nb; i++) { for (size_t i = 0; i < preregistered_loggers_nb; i++) {
OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", preregistered_loggers[i].logname, OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", preregistered_loggers[i].logname,
preregistered_loggers[i].confname, OutputJsonLogInitSub, preregistered_loggers[i].confname, OutputJsonLogInitSub,
preregistered_loggers[i].alproto, JsonGenericDirFlowLogger, JsonLogThreadInit, preregistered_loggers[i].alproto, JsonLoggerFromDir(preregistered_loggers[i].dir),
JsonLogThreadDeinit); JsonLogThreadInit, JsonLogThreadDeinit);
SCLogDebug( SCLogDebug(
"%s JSON logger registered.", AppProtoToString(preregistered_loggers[i].alproto)); "%s JSON logger registered.", AppProtoToString(preregistered_loggers[i].alproto));
RegisterSimpleJsonApplayerLogger( RegisterSimpleJsonApplayerLogger(

1
src/output.h
Unescape Escape View File

@ -185,6 +185,7 @@ typedef struct EveJsonTxLoggerRegistrationData {
const char *confname; const char *confname;
const char *logname; const char *logname;
AppProto alproto; AppProto alproto;
uint8_t dir;
EveJsonSimpleTxLogFunc LogTx; EveJsonSimpleTxLogFunc LogTx;
} EveJsonTxLoggerRegistrationData; } EveJsonTxLoggerRegistrationData;

1
src/suricata-plugin.h
Unescape Escape View File

@ -68,6 +68,7 @@ typedef struct SCAppLayerPlugin_ {
void (*KeywordsRegister)(void); void (*KeywordsRegister)(void);
const char *logname; const char *logname;
const char *confname; const char *confname;
uint8_t dir;
bool (*Logger)(const void *tx, void *jb); bool (*Logger)(const void *tx, void *jb);
} SCAppLayerPlugin; } SCAppLayerPlugin;

1
src/util-plugin.c
Unescape Escape View File

@ -179,6 +179,7 @@ int SCPluginRegisterAppLayer(SCAppLayerPlugin *plugin)
.confname = plugin->confname, .confname = plugin->confname,
.logname = plugin->logname, .logname = plugin->logname,
.alproto = alproto, .alproto = alproto,
.dir = plugin->dir,
.LogTx = (EveJsonSimpleTxLogFunc)plugin->Logger, .LogTx = (EveJsonSimpleTxLogFunc)plugin->Logger,
}; };
if (OutputPreRegisterLogger(reg_data) != 0) { if (OutputPreRegisterLogger(reg_data) != 0) {

Write Preview
Loading…
Cancel
Save