alert-fastlog.c File Reference
#include "suricata-common.h"
#include "detect.h"
#include "flow.h"
#include "conf.h"
#include "threads.h"
#include "tm-threads.h"
#include "threadvars.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-build.h"
#include "detect-engine-mpm.h"
#include "detect-reference.h"
#include "util-classification-config.h"
#include "output.h"
#include "alert-fastlog.h"
#include "util-privs.h"
#include "util-print.h"
#include "util-proto-name.h"
#include "util-optimize.h"
#include "util-logopenfile.h"
#include "util-time.h"
#include "action-globals.h"


Data Structures

struct  AlertFastLogThread_
 

Macros

#define DEFAULT_LOG_FILENAME   "fast.log"
 
#define MODULE_NAME   "AlertFastLog"
 
#define MAX_FASTLOG_ALERT_SIZE   2048
 
#define MAX_FASTLOG_BUFFER_SIZE   (2 * MAX_FASTLOG_ALERT_SIZE)
 

Typedefs

typedef struct AlertFastLogThread_ AlertFastLogThread
 

Functions

TmEcode AlertFastLogThreadInit (ThreadVars *, const void *, void **)
 
TmEcode AlertFastLogThreadDeinit (ThreadVars *, void *)
 
void AlertFastLogRegisterTests (void)
 This function registers unit tests for the AlertFastLog API. More...
 
int AlertFastLogger (ThreadVars *tv, void *data, const Packet *p)
 
void AlertFastLogRegister (void)
 
OutputInitResult AlertFastLogInitCtx (ConfNode *conf)
 Create a new LogFileCtx for "fast" output style. More...
 

Detailed Description

Author
Victor Julien <victor@inliniac.net>

Logs alerts in a line-based text format compatible with Snort's alert_fast format.

Definition in file alert-fastlog.c.

Macro Definition Documentation

◆ DEFAULT_LOG_FILENAME

#define DEFAULT_LOG_FILENAME   "fast.log"

Definition at line 60 of file alert-fastlog.c.

◆ MAX_FASTLOG_ALERT_SIZE

#define MAX_FASTLOG_ALERT_SIZE   2048

Definition at line 65 of file alert-fastlog.c.

◆ MAX_FASTLOG_BUFFER_SIZE

#define MAX_FASTLOG_BUFFER_SIZE   (2 * MAX_FASTLOG_ALERT_SIZE)

Definition at line 68 of file alert-fastlog.c.

◆ MODULE_NAME

#define MODULE_NAME   "AlertFastLog"

Definition at line 62 of file alert-fastlog.c.

Typedef Documentation

◆ AlertFastLogThread

Function Documentation

◆ AlertFastLogger()

int AlertFastLogger (ThreadVars *tv, void *data, const Packet *p)

Definition at line 102 of file alert-fastlog.c.

References CreateTimeString(), and Packet_::ts.

Referenced by AlertFastLogRegister().


◆ AlertFastLogInitCtx()

OutputInitResult AlertFastLogInitCtx (ConfNode *conf)

Create a new LogFileCtx for "fast" output style.

Parameters
conf — The configuration node for this output.
Returns
A LogFileCtx pointer on success, NULL on failure.

Definition at line 226 of file alert-fastlog.c.

References OutputCtx_::data, DEFAULT_LOG_FILENAME, OutputCtx_::DeInit, LogFileFreeCtx(), LogFileNewCtx(), SCCalloc, SCConfLogOpenGeneric(), SCLogDebug, and unlikely.

Referenced by AlertFastLogRegister().


◆ AlertFastLogRegister()

void AlertFastLogRegister ( void  )

Definition at line 77 of file alert-fastlog.c.

References AlertFastLogger(), AlertFastLogInitCtx(), LOGGER_ALERT_FAST, MODULE_NAME, and OutputRegisterPacketModule().

Referenced by OutputRegisterLoggers().


◆ AlertFastLogRegisterTests()

void AlertFastLogRegisterTests ( void  )

This function registers unit tests for the AlertFastLog API.

Definition at line 352 of file alert-fastlog.c.

References UtRegisterTest().


◆ AlertFastLogThreadDeinit()

TmEcode AlertFastLogThreadDeinit (ThreadVars *t, void *data)

Definition at line 207 of file alert-fastlog.c.

References SCFree, and TM_ECODE_OK.

◆ AlertFastLogThreadInit()

TmEcode AlertFastLogThreadInit (ThreadVars *t, const void *initdata, void **data)

Uses the output context (file pointer and mutex).

Definition at line 189 of file alert-fastlog.c.

References AlertFastLogThread_::file_ctx, SCCalloc, SCFree, SCLogDebug, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.