mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 lines
1.4 KiB
Markdown
56 lines
1.4 KiB
Markdown
# Example Custom Logging Plugin
|
|
|
|
This is an example of a low level logging plugin.
|
|
|
|
Currently implemented are packet and flow loggers.
|
|
|
|
## Building
|
|
|
|
If in the Suricata source directory, this plugin can be built by
|
|
running `make`'.
|
|
|
|
## Building Standalone
|
|
|
|
This Makefile is not generated by automake so it can serve as an
|
|
example for plugins created outside of the Suricata source tree.
|
|
|
|
Building a standalone plugin has the following dependencies:
|
|
|
|
- Suricata is installed
|
|
- The Suricata library is installed: `make install-library`
|
|
- The Suricata development headers are installed: `make install-headers`
|
|
- The program `libsuricata-config` is in your path (installed with
|
|
`make install-library`)
|
|
|
|
Modify the Makefile to use `libsuricata-config`.
|
|
|
|
Before building this plugin you will need to build and install Suricata from the
|
|
git master branch and install the development tools and headers:
|
|
|
|
- `make install-library`
|
|
- `make install-headers`
|
|
|
|
then make sure the newly installed tool `libsuricata-config` can be
|
|
found in your path, for example:
|
|
```
|
|
libsuricata-config --cflags
|
|
```
|
|
|
|
Then a simple `make` should build this plugin.
|
|
|
|
Or if the Suricata installation is not in the path, a command like the following
|
|
can be used:
|
|
|
|
```
|
|
PATH=/opt/suricata/bin:$PATH make
|
|
```
|
|
|
|
## Usage
|
|
|
|
To run the plugin, first add the path to the plugin you just compiled to
|
|
your `suricata.yaml`, for example:
|
|
```
|
|
plugins:
|
|
- /usr/lib/suricata/plugins/c-custom-loggers/custom-loggers.so
|
|
```
|