aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output: add %M format option for the log message body

Browse Source 
If %M is not specified, it is automatically appended to the format
string, to provide backwards compatibility.
pull/8304/head
Victor Julien 2 years ago
parent fa7760aa67
commit a4eefd16b7
2 changed files with 41 additions and 26 deletions
Show Stats Download Patch File Download Diff File

54
src/util-debug.c
Unescape Escape View File

@ -376,8 +376,11 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp
BUG_ON(sc_log_module_initialized != 1);
/* make a copy of the format string as it will be modified below */
char local_format[strlen(log_format) + 1];
const int add_M = strstr(log_format, "%M") == NULL;
char local_format[strlen(log_format) + add_M * 2 + 1];
strlcpy(local_format, log_format, sizeof(local_format));
if (add_M)
strlcat(local_format, "%M", sizeof(local_format));
char *temp_fmt = local_format;
char *substr = temp_fmt;
@ -553,6 +556,36 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp
substr = temp_fmt;
substr++;
break;
case SC_LOG_FMT_MESSAGE: {
temp_fmt[0] = '\0';
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s", substr);
if (cw < 0) {
return -1;
}
temp += cw;
if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
return 0;
}
const char *hi = "";
if (log_level <= SC_LOG_ERROR)
hi = red;
else if (log_level <= SC_LOG_NOTICE)
hi = yellow;
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s", hi, message,
reset);
if (cw < 0) {
return -1;
}
temp += cw;
if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
return 0;
}
temp_fmt++;
substr = temp_fmt;
substr++;
break;
}
}
temp_fmt++;
}
@ -563,25 +596,6 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp
if (cw < 0) {
return -1;
}
temp += cw;
if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
return 0;
}
const char *hi = "";
if (log_level <= SC_LOG_ERROR)
hi = red;
else if (log_level <= SC_LOG_NOTICE)
hi = yellow;
cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s", hi, message, reset);
if (cw < 0) {
return -1;
}
temp += cw;
if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
return 0;
}
if (sc_log_config->op_filter_regex != NULL) {
if (pcre2_match(sc_log_config->op_filter_regex, (PCRE2_SPTR8)buffer, strlen(buffer), 0, 0,
sc_log_config->op_filter_regex_match, NULL) < 0) {

13
src/util-debug.h
Unescape Escape View File

@ -74,14 +74,14 @@ typedef enum {
} SCLogOPType;
/* The default log_format, if it is not supplied by the user */
#define SC_LOG_DEF_FILE_FORMAT "[%i - %m] %t %d: %S: "
#define SC_LOG_DEF_LOG_FORMAT_REL "%D: %S: "
#define SC_LOG_DEF_LOG_FORMAT_RELV "%d: %S: "
#define SC_LOG_DEF_LOG_FORMAT_RELVV "[%i] %d: %S: "
#define SC_LOG_DEF_FILE_FORMAT "[%i - %m] %t %d: %S: %M"
#define SC_LOG_DEF_LOG_FORMAT_REL "%D: %S: %M"
#define SC_LOG_DEF_LOG_FORMAT_RELV "%d: %S: %M"
#define SC_LOG_DEF_LOG_FORMAT_RELVV "[%i] %d: %S: %M"
#ifdef DEBUG
#define SC_LOG_DEF_LOG_FORMAT_DEV "[%f:%l] %d: %S: "
#define SC_LOG_DEF_LOG_FORMAT_DEV "%d: %S: %M [%f:%l]"
#else
#define SC_LOG_DEF_LOG_FORMAT_DEV "[%f:%l] %d: %S: "
#define SC_LOG_DEF_LOG_FORMAT_DEV "%d: %S: %M [%f:%l]"
#endif
/* The maximum length of the log message */
@ -199,6 +199,7 @@ typedef struct SCLogConfig_ {
#define SC_LOG_FMT_FUNCTION 'n' /* Function */
#define SC_LOG_FMT_SUBSYSTEM 'S' /* Subsystem name */
#define SC_LOG_FMT_THREAD_NAME 'T' /* thread name */
#define SC_LOG_FMT_MESSAGE 'M' /* log message body */
/* The log format prefix for the format specifiers */
#define SC_LOG_FMT_PREFIX '%'

Write Preview
Loading…
Cancel
Save