aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,216 Commits
7 Branches
161 Tags
174 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-2.0.9'
${ noResults }
Commit Graph

5216 Commits (suricata-2.0.9)
 

Author SHA1 Message Date
Victor Julien b5ef269b03 json outputs: cleanups 
Clean up header files and improve memory handling.
 12 years ago
Victor Julien 3fc63d3656 jansson file log: make file log module 
Turn the libjansson based file logger into a file module, as a child
of eve-log.
 12 years ago
Victor Julien 039f7b3e5f tls json: turn into packet logger 
Like log-tls, turn the json tls logger into a packet logger as the
protocol parser is not tx aware.

Make it a child of eve-log as well.
 12 years ago
Victor Julien a9eab06593 output: simple name space support for sub modules 
To avoid module name clashes, a submode abc of parent xyz, will now
register itself as xyz.abc.
 12 years ago
Victor Julien 3a794f7a63 drop-json: make child of eve-log 
Make drop json child of eve-log.
 12 years ago
Victor Julien f0aa2ed240 json drop log: move into packet module 
Move JSON drop log into a full packet module.
 12 years ago
Victor Julien 4bd37cc46a log api: use AppProto instead of uint16_t 12 years ago
Victor Julien 52c3d3ad7c log api: convert all names to const 
Instead of strdupping all names w/o a need, use const ptrs.
 12 years ago
Victor Julien 85335d9cbe alert json: make child of eve-log 
Enable alert json for eve-log by registering the module as a sub-
module of eve-log.
 12 years ago
Victor Julien 42858647e2 alert-json: make full module out of json alert 
Make a full module out of the json alert code in output-json-alert.[ch].
 12 years ago
Victor Julien 79771ff570 output: sub-module support for other log api's 
Packets:
void OutputRegisterPacketSubModule(const char *parent_name, char *name, char *conf_name,
    OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *),
    PacketLogger LogFunc, PacketLogCondition ConditionFunc);

Files:
void OutputRegisterFileSubModule(const char *parent_name, char *name, char *conf_name,
    OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *), FileLogger FileLogFunc);

Filedata:
void OutputRegisterFiledataSubModule(const char *parent_name, char *name, char *conf_name,
    OutputCtx *(*InitFunc)(ConfNode *, OutputCtx *), FiledataLogger FiledataLogFunc);
 12 years ago
Victor Julien f830cb8026 output: introduce concept of sub-modules 
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.

A sub-module is a regular module, that registers itself as a sub-
module of another module:

    OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
            OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);

The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.

The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.

Only the TxLogger API is handled in this patch, the rest will be
updated later.
 12 years ago
Victor Julien 8c3e71559a dns-json: turn logger to tx api 
Convert Json DNS logger into a Tx Logger API logger.
 12 years ago
Victor Julien bc71a43e08 http-json: separate module using tx api 
Turn HTTP json logger into a Tx Logger API logger.
 12 years ago
Victor Julien 4874d5abbb Various compile fixes after rebase with master 12 years ago
Tom DeCanio 18458a14fb json: rebase fixes 
- restore json output-file.[ch] as output-json-file.[ch] after rebase conflict
- fix Makefile.am after merge conflict
- some dev-log-api-v4.0 rebase json fallout cleanup
 12 years ago
Tom DeCanio 6fd1b31c57 Remaining JSON output pull request comment edits 12 years ago
Tom DeCanio a3d86594dc address most initial JSON pull request comments 12 years ago
Tom DeCanio 55df2d5cdb add "united" drop JSON log 12 years ago
Tom DeCanio 0c067646a8 Add "united" JSON files output 12 years ago
Tom DeCanio 730ee3d721 First cut at "united" file log output in JSON 12 years ago
Tom DeCanio 88a04742c0 JSON output cleanup 12 years ago
Tom DeCanio b4ac0d90a4 remove unused http JSON code 12 years ago
Tom DeCanio a12fa7c4e1 more output JSON cleanup 12 years ago
Tom DeCanio 6974817f72 remove dead JSON DNS output code 12 years ago
Tom DeCanio a44b2b987b JSON output cleanup 12 years ago
Tom DeCanio 3241732e27 rename alert-json.[ch] output-json.[ch] 12 years ago
Tom DeCanio 3bc95c9258 fix compile errors w/o libjansson 12 years ago
Tom DeCanio 8adbc741ba remove unused JSON TMM_*JSON enumerations 12 years ago
Tom DeCanio 07d3b38d3b Add support for JSON output to syslog/unix_stream/unix_dgram 12 years ago
Tom DeCanio 1dd6d7a104 Add "united" log to suricata.yaml.in 12 years ago
Tom DeCanio 6c1de2115c JSON output cleanup 12 years ago
Tom DeCanio c654b63f6a add united TLS JSON logging 12 years ago
Tom DeCanio 51b7cf1491 add ICMP type and code support to JSON log 12 years ago
Tom DeCanio c8beb9bf9d Support for configuration of JSON http output module 12 years ago
Tom DeCanio 8c95b085c5 Add vlan and pcap_cnt to JSON logs 12 years ago
Tom DeCanio ce6b07b1b9 First cut at united .yaml configuration 12 years ago
Tom DeCanio 11f84d4ff7 beginning of JSON config alignment 12 years ago
Tom DeCanio 280e4bcb61 move some JSON alert work outside of lock 12 years ago
Tom DeCanio 34d04c3104 JSON cleanup 12 years ago
Tom DeCanio 0df6af3a0b Alert/HTTP/DNS JSON output working with Logstash 12 years ago
Tom DeCanio 5543b6eef4 nested json alert output 12 years ago
Tom DeCanio b94b8e03bd cleanup fallout from upstream merge with alert json work 12 years ago
Tom DeCanio 07571367d3 Change JSON alert syslog level to INFO 12 years ago
Tom DeCanio 860523f5bc fix NULL string into JSON in alert-json 12 years ago
Tom DeCanio e9b192fcc0 change srcport->sp dstport->dp 12 years ago
Tom DeCanio 5498654114 Add JSON formatted alert output 12 years ago
Victor Julien 7450f32351 stream: add performance output for stream pools 
Add info messages at shutdown that give an indication of pool use
for the various segment and chunk pools.
 12 years ago
Victor Julien 84696ebe2a stream: configurable stream chunk prealloc 
The stream chunk pool contains preallocating stream chunks (StreamMsg).
These are used for raw reassembly, used in raw content inspection by
the detection engine. The default setting so far has been 250, which
was hardcoded. This meant that in setups that needed more, allocs and
frees would be happen constantly.

This patch introduces a yaml option to set the 'prealloc' value in the
pool. The default is still 250.

stream.reassembly.chunk-prealloc

Related to feature #1093.
 12 years ago
Victor Julien fe1c4951f9 stream: silence stream.reassembly.raw message 12 years ago