added support for appending the log files

14 years ago · f4392e1dcc
parent de41612ea1
commit f4392e1dcc
5 changed files with 46 additions and 13 deletions
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@ -60,7 +60,7 @@ TmEcode AlertDebugLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQ
 TmEcode AlertDebugLogThreadInit(ThreadVars *, void*, void **);
 TmEcode AlertDebugLogThreadDeinit(ThreadVars *, void *);
 void AlertDebugLogExitPrintStats(ThreadVars *, void *);
-int AlertDebugLogOpenFileCtx(LogFileCtx* , const char *);
+int AlertDebugLogOpenFileCtx(LogFileCtx* , const char *, const char *);

 void TmModuleAlertDebugLogRegister (void) {
    tmm_modules[TMM_ALERTDEBUGLOG].name = MODULE_NAME;
@ -440,8 +440,12 @@ OutputCtx *AlertDebugLogInitCtx(ConfNode *conf)
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;

+    const char *mode = ConfNodeLookupChildValue(conf, "append");
+    if (mode == NULL)
+        mode = DEFAULT_LOG_MODE_APPEND;
+
    /** fill the new LogFileCtx with the specific AlertDebugLog configuration */
-    ret=AlertDebugLogOpenFileCtx(file_ctx, filename);
+    ret=AlertDebugLogOpenFileCtx(file_ctx, filename, mode);

    if(ret < 0)
        return NULL;
@ -459,15 +463,21 @@ OutputCtx *AlertDebugLogInitCtx(ConfNode *conf)
 *  \param filename name of log file
 *  \return -1 if failure, 0 if succesful
 * */
-int AlertDebugLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename)
+int AlertDebugLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, const
+                                char *mode)
 {
    int ret=0;

    char log_path[PATH_MAX], *log_dir;
    if (ConfGet("default-log-dir", &log_dir) != 1)
        log_dir = DEFAULT_LOG_DIR;
-    snprintf(log_path, PATH_MAX, "%s/%s", log_dir, DEFAULT_LOG_FILENAME);
+    snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
+    if (strncmp(mode, "yes", sizeof(mode)) == 0) {
+        file_ctx->fp = fopen(log_path, "a");
+    } else {
        file_ctx->fp = fopen(log_path, "w");
+    }
+
    if (file_ctx->fp == NULL) {
        SCLogError(SC_ERR_FOPEN, "ERROR: failed to open %s: %s", log_path,
            strerror(errno));
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@ -70,7 +70,7 @@ TmEcode AlertFastLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQu
 TmEcode AlertFastLogThreadInit(ThreadVars *, void *, void **);
 TmEcode AlertFastLogThreadDeinit(ThreadVars *, void *);
 void AlertFastLogExitPrintStats(ThreadVars *, void *);
-static int AlertFastLogOpenFileCtx(LogFileCtx *, const char *);
+static int AlertFastLogOpenFileCtx(LogFileCtx *, const char *, const char *);
 void AlertFastLogRegisterTests(void);
 static void AlertFastLogDeInitCtx(OutputCtx *);

@ -318,7 +318,12 @@ OutputCtx *AlertFastLogInitCtx(ConfNode *conf)
    const char *filename = ConfNodeLookupChildValue(conf, "filename");
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;
-    if (AlertFastLogOpenFileCtx(logfile_ctx, filename) < 0) {
+
+    const char *mode = ConfNodeLookupChildValue(conf, "append");
+    if (mode == NULL)
+        mode = DEFAULT_LOG_MODE_APPEND;
+
+    if (AlertFastLogOpenFileCtx(logfile_ctx, filename, mode) < 0) {
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }
@ -346,14 +351,19 @@ static void AlertFastLogDeInitCtx(OutputCtx *output_ctx)
 *  \param filename name of log file
 *  \return -1 if failure, 0 if succesful
 * */
-static int AlertFastLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename)
+static int AlertFastLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename,
+                                    const char *mode)
 {
    char log_path[PATH_MAX], *log_dir;
    if (ConfGet("default-log-dir", &log_dir) != 1)
        log_dir = DEFAULT_LOG_DIR;
    snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);

+    if (strncmp(mode, "yes", sizeof(mode)) == 0) {
+        file_ctx->fp = fopen(log_path, "a");
+    } else {
        file_ctx->fp = fopen(log_path, "w");
+    }

    if (file_ctx->fp == NULL) {
        SCLogError(SC_ERR_FOPEN, "ERROR: failed to open %s: %s", log_path,
--- a/src/log-httplog.c
+++ b/src/log-httplog.c
@ -56,7 +56,7 @@ TmEcode LogHttpLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueu
 TmEcode LogHttpLogThreadInit(ThreadVars *, void *, void **);
 TmEcode LogHttpLogThreadDeinit(ThreadVars *, void *);
 void LogHttpLogExitPrintStats(ThreadVars *, void *);
-int LogHttpLogOpenFileCtx(LogFileCtx* , const char *);
+int LogHttpLogOpenFileCtx(LogFileCtx* , const char *, const char *);
 static void LogHttpLogDeInitCtx(OutputCtx *);

 void TmModuleLogHttpLogRegister (void) {
@ -424,8 +424,11 @@ OutputCtx *LogHttpLogInitCtx(ConfNode *conf)
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;

+    const char *mode = ConfNodeLookupChildValue(conf, "append");
+    if (mode == NULL)
+        mode = DEFAULT_LOG_MODE_APPEND;
    /** fill the new LogFileCtx with the specific LogHttpLog configuration */
-    ret=LogHttpLogOpenFileCtx(file_ctx, filename);
+    ret=LogHttpLogOpenFileCtx(file_ctx, filename, mode);

    if(ret < 0)
        return NULL;
@ -451,14 +454,19 @@ static void LogHttpLogDeInitCtx(OutputCtx *output_ctx)
 *  \param config_file for loading separate configs
 *  \return -1 if failure, 0 if succesful
 * */
-int LogHttpLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename)
+int LogHttpLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, const
+                            char *mode)
 {
    char log_path[PATH_MAX], *log_dir;
    if (ConfGet("default-log-dir", &log_dir) != 1)
        log_dir = DEFAULT_LOG_DIR;
    snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);

+    if (strncmp(mode, "yes", sizeof(mode)) == 0) {
+        file_ctx->fp = fopen(log_path, "a");
+    } else {
        file_ctx->fp = fopen(log_path, "w");
+    }

    if (file_ctx->fp == NULL) {
        SCLogError(SC_ERR_FOPEN, "ERROR: failed to open %s: %s", log_path,
--- a/src/output.h
+++ b/src/output.h
@ -26,6 +26,8 @@

 #include "suricata.h"

+#define DEFAULT_LOG_MODE_APPEND     "yes"
+
 typedef struct OutputModule_ {
    char *name;
    char *conf_name;
--- a/suricata.yaml
+++ b/suricata.yaml
@ -36,6 +36,7 @@ outputs:
  - fast:
      enabled: yes
      filename: fast.log
+      append: yes

  # log output for use with Barnyard
  - unified-log:
@ -65,12 +66,14 @@ outputs:
  - http-log:
      enabled: yes
      filename: http.log
+      append: yes

  # a full alerts log containing much information for signature writers
  # or for investigating suspected false positives.
  - alert-debug:
      enabled: no
      filename: alert-debug.log
+      append: yes

  # alert output to prelude (http://www.prelude-technologies.com/) only
  # available if Suricata has been compiled with --enable-prelude