mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 lines
7.2 KiB
C
275 lines
7.2 KiB
C
/* Copyright (C) 2007-2016 Open Information Security Foundation
|
|
*
|
|
* You can copy, redistribute or modify this Program under the terms of
|
|
* the GNU General Public License version 2 as published by the Free
|
|
* Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* version 2 along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301, USA.
|
|
*/
|
|
|
|
/**
|
|
* \file
|
|
*
|
|
* \author Paulo Pacheco <fooinha@gmail.com>
|
|
* \author Victor Julien <victor@inliniac.net>
|
|
* \author Ignacio Sanchez <sanchezmartin.ji@gmail.com>
|
|
*
|
|
* Common custom logging format
|
|
*/
|
|
|
|
#include "log-cf-common.h"
|
|
#include "util-print.h"
|
|
#include "util-unittest.h"
|
|
|
|
/**
|
|
* \brief Creates a custom format node
|
|
* \retval LogCustomFormatNode * ptr if created
|
|
* \retval NULL if failed to allocate
|
|
*/
|
|
LogCustomFormatNode * LogCustomFormatNodeAlloc()
|
|
{
|
|
LogCustomFormatNode * node = SCCalloc(1, sizeof(LogCustomFormatNode));
|
|
if (unlikely(node == NULL)) {
|
|
SCLogError(SC_ERR_MEM_ALLOC, "Failed to alloc custom format node");
|
|
return NULL;
|
|
}
|
|
return node;
|
|
}
|
|
|
|
/**
|
|
* \brief Creates a custom format.
|
|
* \retval LogCustomFormat * ptr if created
|
|
* \retval NULL if failed to allocate
|
|
*/
|
|
LogCustomFormat * LogCustomFormatAlloc()
|
|
{
|
|
LogCustomFormat * cf = SCCalloc(1, sizeof(LogCustomFormat));
|
|
if (unlikely(cf == NULL)) {
|
|
SCLogError(SC_ERR_MEM_ALLOC, "Failed to alloc custom format");
|
|
return NULL;
|
|
}
|
|
return cf;
|
|
}
|
|
|
|
/**
|
|
* \brief Frees memory held by a custom format node
|
|
* \param LogCustomFormatNode * node - node to relaease
|
|
*/
|
|
void LogCustomFormatNodeFree(LogCustomFormatNode *node)
|
|
{
|
|
if (node==NULL)
|
|
return;
|
|
|
|
SCFree(node);
|
|
}
|
|
|
|
/**
|
|
* \brief Frees memory held by a custom format
|
|
* \param LogCustomFormat * cf - format to relaease
|
|
*/
|
|
void LogCustomFormatFree(LogCustomFormat *cf)
|
|
{
|
|
if (cf==NULL)
|
|
return;
|
|
|
|
for (size_t i = 0; i < cf->cf_n; ++i) {
|
|
LogCustomFormatNodeFree(cf->cf_nodes[i]);
|
|
}
|
|
SCFree(cf);
|
|
}
|
|
|
|
/**
|
|
* \brief Parses and saves format nodes for custom format
|
|
* \param LogCustomFormat * cf - custom format to build
|
|
* \param const char * format - string with format specification
|
|
*/
|
|
int LogCustomFormatParse(LogCustomFormat *cf, const char *format)
|
|
{
|
|
const char *p, *np;
|
|
uint32_t n;
|
|
LogCustomFormatNode *node = NULL;
|
|
|
|
if (cf==NULL)
|
|
return 0;
|
|
|
|
if (format==NULL)
|
|
return 0;
|
|
|
|
p=format;
|
|
|
|
for (cf->cf_n = 0; cf->cf_n < LOG_MAXN_NODES-1 && p && *p != '\0';){
|
|
|
|
node = LogCustomFormatNodeAlloc();
|
|
if (node == NULL) {
|
|
goto parsererror;
|
|
}
|
|
node->maxlen = 0;
|
|
|
|
if (*p != '%'){
|
|
/* Literal found in format string */
|
|
node->type = LOG_CF_LITERAL;
|
|
np = strchr(p, '%');
|
|
if (np == NULL){
|
|
n = LOG_NODE_STRLEN-2;
|
|
np = NULL; /* End */
|
|
}else{
|
|
n = np-p;
|
|
}
|
|
strlcpy(node->data,p,n+1);
|
|
p = np;
|
|
} else {
|
|
/* Non Literal found in format string */
|
|
p++;
|
|
if (*p == '[') { /* Check if maxlength has been specified (ie: [25]) */
|
|
p++;
|
|
np = strchr(p, ']');
|
|
if (np != NULL) {
|
|
if (np-p > 0 && np-p < 10){
|
|
long maxlen = strtol(p,NULL,10);
|
|
if (maxlen > 0 && maxlen < LOG_NODE_MAXOUTPUTLEN) {
|
|
node->maxlen = (uint32_t) maxlen;
|
|
}
|
|
} else {
|
|
goto parsererror;
|
|
}
|
|
p = np + 1;
|
|
} else {
|
|
goto parsererror;
|
|
}
|
|
}
|
|
if (*p == '{') { /* Simple format char */
|
|
np = strchr(p, '}');
|
|
if (np != NULL && np-p > 1 && np-p < LOG_NODE_STRLEN-2) {
|
|
p++;
|
|
n = np-p;
|
|
strlcpy(node->data, p, n+1);
|
|
p = np;
|
|
} else {
|
|
goto parsererror;
|
|
}
|
|
p++;
|
|
} else {
|
|
node->data[0] = '\0';
|
|
}
|
|
node->type = *p;
|
|
if (*p == '%'){
|
|
node->type = LOG_CF_LITERAL;
|
|
strlcpy(node->data, "%", 2);
|
|
}
|
|
p++;
|
|
}
|
|
LogCustomFormatAddNode(cf, node);
|
|
}
|
|
return 1;
|
|
|
|
parsererror:
|
|
LogCustomFormatNodeFree(node);
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* \brief Adds a node to custom format
|
|
* \param LogCustomFormat * cf - custom format
|
|
* \param LogCustomFormatNode * node - node to add
|
|
*/
|
|
void LogCustomFormatAddNode(LogCustomFormat *cf, LogCustomFormatNode *node)
|
|
{
|
|
if (cf == NULL || node == NULL)
|
|
return;
|
|
|
|
if (cf->cf_n == LOG_MAXN_NODES) {
|
|
SCLogWarning(SC_WARN_LOG_CF_TOO_MANY_NODES, "Too many options for custom format");
|
|
return;
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
SCLogDebug("%d-> n.type=[%d] n.maxlen=[%d] n.data=[%s]",
|
|
cf->cf_n, node->type, node->maxlen, node->data);
|
|
#endif
|
|
|
|
cf->cf_nodes[cf->cf_n] = node;
|
|
cf->cf_n++;
|
|
}
|
|
|
|
/**
|
|
* \brief Writes a timestamp with given format into a MemBuffer
|
|
* \param MemBuffer * buffer - where to write
|
|
* \param const char * fmt - format to be used write timestamp
|
|
* \param const struct timeveal *ts - the timetstamp
|
|
*
|
|
*/
|
|
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const struct timeval *ts) {
|
|
|
|
time_t time = ts->tv_sec;
|
|
struct tm local_tm;
|
|
struct tm *timestamp = SCLocalTime(time, &local_tm);
|
|
char buf[128] = {0};
|
|
const char * fmt_to_use = TIMESTAMP_DEFAULT_FORMAT;
|
|
|
|
if (fmt && *fmt != '\0') {
|
|
fmt_to_use = fmt;
|
|
}
|
|
|
|
CreateFormattedTimeString (timestamp, fmt_to_use, buf, sizeof(buf));
|
|
PrintRawUriBuf((char *)buffer->buffer, &buffer->offset,
|
|
buffer->size, (uint8_t *)buf,strlen(buf));
|
|
}
|
|
|
|
#ifdef UNITTESTS
|
|
/**
|
|
* \internal
|
|
* \brief This test tests default timestamp format
|
|
*/
|
|
static int LogCustomFormatTest01(void)
|
|
{
|
|
struct tm tm;
|
|
tm.tm_sec = 0;
|
|
tm.tm_min = 30;
|
|
tm.tm_hour = 4;
|
|
tm.tm_mday = 13;
|
|
tm.tm_mon = 0;
|
|
tm.tm_year = 114;
|
|
tm.tm_wday = 1;
|
|
tm.tm_yday = 13;
|
|
tm.tm_isdst = 0;
|
|
time_t secs = mktime(&tm);
|
|
struct timeval ts = {secs, 0};
|
|
|
|
MemBuffer *buffer = MemBufferCreateNew(62);
|
|
if (!buffer) {
|
|
return 0;
|
|
}
|
|
|
|
LogCustomFormatWriteTimestamp(buffer, "", &ts);
|
|
/*
|
|
* {buffer = "01/13/14-04:30:00", size = 62, offset = 17}
|
|
*/
|
|
FAIL_IF_NOT( buffer->offset == 17);
|
|
FAIL_IF(strcmp((char *)buffer->buffer, "01/13/14-04:30:00") != 0);
|
|
|
|
MemBufferFree(buffer);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static void LogCustomFormatRegisterTests(void)
|
|
{
|
|
UtRegisterTest("LogCustomFormatTest01", LogCustomFormatTest01);
|
|
}
|
|
#endif /* UNITTESTS */
|
|
|
|
void LogCustomFormatRegister(void)
|
|
{
|
|
#ifdef UNITTESTS
|
|
LogCustomFormatRegisterTests();
|
|
#endif /* UNITTESTS */
|
|
}
|