|
|
|
|
@ -23,9 +23,6 @@
|
|
|
|
|
*
|
|
|
|
|
* File-like output for logging: regular files and sockets.
|
|
|
|
|
*/
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/un.h>
|
|
|
|
|
|
|
|
|
|
#include "suricata-common.h" /* errno.h, string.h, etc. */
|
|
|
|
|
#include "tm-modules.h" /* LogFileCtx */
|
|
|
|
|
@ -35,10 +32,18 @@
|
|
|
|
|
#include "util-logopenfile.h"
|
|
|
|
|
#include "util-logopenfile-tile.h"
|
|
|
|
|
|
|
|
|
|
#if defined(HAVE_SYS_UN_H) && defined(HAVE_SYS_SOCKET_H) && defined(HAVE_SYS_TYPES_H)
|
|
|
|
|
#define BUILD_WITH_UNIXSOCKET
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/un.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_LIBHIREDIS
|
|
|
|
|
#include "util-log-redis.h"
|
|
|
|
|
#endif /* HAVE_LIBHIREDIS */
|
|
|
|
|
|
|
|
|
|
#ifdef BUILD_WITH_UNIXSOCKET
|
|
|
|
|
/** \brief connect to the indicated local stream socket, logging any errors
|
|
|
|
|
* \param path filesystem path to connect to
|
|
|
|
|
* \param log_err, non-zero if connect failure should be logged.
|
|
|
|
|
@ -128,11 +133,11 @@ static int SCLogFileWriteSocket(const char *buffer, int buffer_len,
|
|
|
|
|
int tries = 0;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
bool reopen = false;
|
|
|
|
|
|
|
|
|
|
#ifdef BUILD_WITH_UNIXSOCKET
|
|
|
|
|
if (ctx->fp == NULL && ctx->is_sock) {
|
|
|
|
|
SCLogUnixSocketReconnect(ctx);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
tryagain:
|
|
|
|
|
ret = -1;
|
|
|
|
|
reopen = 0;
|
|
|
|
|
@ -172,6 +177,7 @@ tryagain:
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
#endif /* BUILD_WITH_UNIXSOCKET */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \brief Write buffer to log file.
|
|
|
|
|
@ -183,9 +189,12 @@ static int SCLogFileWrite(const char *buffer, int buffer_len, LogFileCtx *log_ct
|
|
|
|
|
SCMutexLock(&log_ctx->fp_mutex);
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
|
|
#ifdef BUILD_WITH_UNIXSOCKET
|
|
|
|
|
if (log_ctx->is_sock) {
|
|
|
|
|
ret = SCLogFileWriteSocket(buffer, buffer_len, log_ctx);
|
|
|
|
|
} else {
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/* Check for rotation. */
|
|
|
|
|
if (log_ctx->rotation_flag) {
|
|
|
|
|
@ -462,15 +471,23 @@ SCConfLogOpenGeneric(ConfNode *conf,
|
|
|
|
|
|
|
|
|
|
// Now, what have we been asked to open?
|
|
|
|
|
if (strcasecmp(filetype, "unix_stream") == 0) {
|
|
|
|
|
#ifdef BUILD_WITH_UNIXSOCKET
|
|
|
|
|
/* Don't bail. May be able to connect later. */
|
|
|
|
|
log_ctx->is_sock = 1;
|
|
|
|
|
log_ctx->sock_type = SOCK_STREAM;
|
|
|
|
|
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_STREAM, 1);
|
|
|
|
|
#else
|
|
|
|
|
return -1;
|
|
|
|
|
#endif
|
|
|
|
|
} else if (strcasecmp(filetype, "unix_dgram") == 0) {
|
|
|
|
|
#ifdef BUILD_WITH_UNIXSOCKET
|
|
|
|
|
/* Don't bail. May be able to connect later. */
|
|
|
|
|
log_ctx->is_sock = 1;
|
|
|
|
|
log_ctx->sock_type = SOCK_DGRAM;
|
|
|
|
|
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_DGRAM, 1);
|
|
|
|
|
#else
|
|
|
|
|
return -1;
|
|
|
|
|
#endif
|
|
|
|
|
} else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0 ||
|
|
|
|
|
strcasecmp(filetype, "file") == 0) {
|
|
|
|
|
log_ctx->fp = SCLogOpenFileFp(log_path, append, log_ctx->filemode);
|
|
|
|
|
@ -507,12 +524,13 @@ SCConfLogOpenGeneric(ConfNode *conf,
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef BUILD_WITH_UNIXSOCKET
|
|
|
|
|
/* If a socket and running live, do non-blocking writes. */
|
|
|
|
|
if (log_ctx->is_sock && run_mode_offline == 0) {
|
|
|
|
|
SCLogInfo("Setting logging socket of non-blocking in live mode.");
|
|
|
|
|
log_ctx->send_flags |= MSG_DONTWAIT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype,
|
|
|
|
|
filename);
|
|
|
|
|
|
|
|
|
|
|
Victor Julien
8 years ago