From d634140fa238db3938a8dc1a409e0aa71329c26c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 8 Jan 2018 19:46:06 +0100 Subject: [PATCH] logging: unique id's per log direction For loggers that register once per direction, use unique id's per direction. Reshuffle id's to keep tx log id's low so we can use u32 for tracking logged loggers. --- src/log-dnslog.c | 4 ++-- src/output-json-dnp3.c | 4 ++-- src/output-json-dns.c | 8 ++++---- src/suricata-common.h | 30 ++++++++++++++++++------------ src/util-profiling.c | 6 ++++-- 5 files changed, 30 insertions(+), 22 deletions(-) diff --git a/src/log-dnslog.c b/src/log-dnslog.c index 4da35ff75c..31867ba748 100644 --- a/src/log-dnslog.c +++ b/src/log-dnslog.c @@ -362,12 +362,12 @@ void LogDnsLogRegister (void) { #ifndef HAVE_RUST /* Request logger. */ - OutputRegisterTxModuleWithProgress(LOGGER_DNS, MODULE_NAME, "dns-log", + OutputRegisterTxModuleWithProgress(LOGGER_DNS_TS, MODULE_NAME, "dns-log", LogDnsLogInitCtx, ALPROTO_DNS, LogDnsRequestLogger, 0, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, LogDnsLogExitPrintStats); /* Response logger. */ - OutputRegisterTxModuleWithProgress(LOGGER_DNS, MODULE_NAME, "dns-log", + OutputRegisterTxModuleWithProgress(LOGGER_DNS_TC, MODULE_NAME, "dns-log", LogDnsLogInitCtx, ALPROTO_DNS, LogDnsResponseLogger, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, LogDnsLogExitPrintStats); diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c index 45efbfc771..67025cb8e4 100644 --- a/src/output-json-dnp3.c +++ b/src/output-json-dnp3.c @@ -430,11 +430,11 @@ static TmEcode JsonDNP3LogThreadDeinit(ThreadVars *t, void *data) void JsonDNP3LogRegister(void) { /* Register direction aware eve sub-modules. */ - OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNP3, "eve-log", + OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNP3_TS, "eve-log", "JsonDNP3Log", "eve-log.dnp3", OutputDNP3LogInitSub, ALPROTO_DNP3, JsonDNP3LoggerToServer, 0, 1, JsonDNP3LogThreadInit, JsonDNP3LogThreadDeinit, NULL); - OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNP3, "eve-log", + OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNP3_TC, "eve-log", "JsonDNP3Log", "eve-log.dnp3", OutputDNP3LogInitSub, ALPROTO_DNP3, JsonDNP3LoggerToClient, 1, 1, JsonDNP3LogThreadInit, JsonDNP3LogThreadDeinit, NULL); diff --git a/src/output-json-dns.c b/src/output-json-dns.c index d18ca84b84..af96291472 100644 --- a/src/output-json-dns.c +++ b/src/output-json-dns.c @@ -935,23 +935,23 @@ static OutputCtx *JsonDnsLogInitCtx(ConfNode *conf) void JsonDnsLogRegister (void) { /* Logger for requests. */ - OutputRegisterTxModuleWithProgress(LOGGER_JSON_DNS, MODULE_NAME, + OutputRegisterTxModuleWithProgress(LOGGER_JSON_DNS_TS, MODULE_NAME, "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL); /* Logger for replies. */ - OutputRegisterTxModuleWithProgress(LOGGER_JSON_DNS, MODULE_NAME, + OutputRegisterTxModuleWithProgress(LOGGER_JSON_DNS_TC, MODULE_NAME, "dns-json-log", JsonDnsLogInitCtx, ALPROTO_DNS, JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL); /* Sub-logger for requests. */ - OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNS, "eve-log", + OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNS_TS, "eve-log", MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLoggerToServer, 0, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL); /* Sub-logger for replies. */ - OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNS, "eve-log", + OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_DNS_TC, "eve-log", MODULE_NAME, "eve-log.dns", JsonDnsLogInitCtxSub, ALPROTO_DNS, JsonDnsLoggerToClient, 1, 1, LogDnsLogThreadInit, LogDnsLogThreadDeinit, NULL); diff --git a/src/suricata-common.h b/src/suricata-common.h index 15c8e2f31c..e43cfc9518 100644 --- a/src/suricata-common.h +++ b/src/suricata-common.h @@ -399,6 +399,24 @@ typedef enum PacketProfileDetectId_ { typedef enum { LOGGER_UNDEFINED, + + /* TX loggers first for low logger IDs */ + LOGGER_DNS_TS, + LOGGER_DNS_TC, + LOGGER_HTTP, + LOGGER_TLS_STORE, + LOGGER_TLS, + LOGGER_JSON_DNS_TS, + LOGGER_JSON_DNS_TC, + LOGGER_JSON_HTTP, + LOGGER_JSON_SMTP, + LOGGER_JSON_TLS, + LOGGER_JSON_NFS, + LOGGER_JSON_DNP3_TS, + LOGGER_JSON_DNP3_TC, + LOGGER_JSON_SSH, + LOGGER_JSON_TEMPLATE, + LOGGER_ALERT_DEBUG, LOGGER_ALERT_FAST, LOGGER_UNIFIED2, @@ -406,17 +424,6 @@ typedef enum { LOGGER_DROP, LOGGER_JSON_ALERT, LOGGER_JSON_DROP, - LOGGER_JSON_SSH, - LOGGER_DNS, - LOGGER_HTTP, - LOGGER_JSON_DNS, - LOGGER_JSON_HTTP, - LOGGER_JSON_SMTP, - LOGGER_JSON_TLS, - LOGGER_JSON_NFS, - LOGGER_JSON_TEMPLATE, - LOGGER_TLS_STORE, - LOGGER_TLS, LOGGER_FILE, LOGGER_FILE_STORE, LOGGER_JSON_FILE, @@ -427,7 +434,6 @@ typedef enum { LOGGER_JSON_STATS, LOGGER_PRELUDE, LOGGER_PCAP, - LOGGER_JSON_DNP3, LOGGER_JSON_VARS, LOGGER_SIZE, } LoggerId; diff --git a/src/util-profiling.c b/src/util-profiling.c index cc0e095ccc..58b17b7db1 100644 --- a/src/util-profiling.c +++ b/src/util-profiling.c @@ -1341,9 +1341,11 @@ const char * PacketProfileLoggertIdToString(LoggerId id) CASE_CODE (LOGGER_JSON_ALERT); CASE_CODE (LOGGER_JSON_DROP); CASE_CODE (LOGGER_JSON_SSH); - CASE_CODE (LOGGER_DNS); + CASE_CODE (LOGGER_DNS_TS); + CASE_CODE (LOGGER_DNS_TC); CASE_CODE (LOGGER_HTTP); - CASE_CODE (LOGGER_JSON_DNS); + CASE_CODE (LOGGER_JSON_DNS_TS); + CASE_CODE (LOGGER_JSON_DNS_TC); CASE_CODE (LOGGER_JSON_HTTP); CASE_CODE (LOGGER_JSON_SMTP); CASE_CODE (LOGGER_JSON_TLS);