suricata
log-cf-common.h
Go to the documentation of this file.
1 /* Copyright (C) 2016 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  * \author Ignacio Sanchez <sanchezmartin.ji@gmail.com>
23  * \author Paulo Pacheco <fooinha@gmail.com>
24  *
25  * Common custom loggging format
26  */
27 
28 #ifndef __LOG_CF_COMMON_H__
29 #define __LOG_CF_COMMON_H__
30 
31 #define LOG_MAXN_NODES 64
32 #define LOG_NODE_STRLEN 256
33 #define LOG_NODE_MAXOUTPUTLEN 8192
34 
35 #define TIMESTAMP_DEFAULT_FORMAT "%D-%H:%M:%S"
36 #define TIMESTAMP_DEFAULT_FORMAT_LEN 62
37 
38 /* Common format nodes */
39 #define LOG_CF_NONE "-"
40 #define LOG_CF_LITERAL '%'
41 #define LOG_CF_TIMESTAMP 't'
42 #define LOG_CF_TIMESTAMP_U 'z'
43 #define LOG_CF_CLIENT_IP 'a'
44 #define LOG_CF_SERVER_IP 'A'
45 #define LOG_CF_CLIENT_PORT 'p'
46 #define LOG_CF_SERVER_PORT 'P'
47 
48 /* Line log common separators **/
49 #define LOG_CF_STAR_SEPARATOR "[**]"
50 #define LOG_CF_SPACE_SEPARATOR " "
51 #define LOG_CF_UNKNOWN_VALUE "-"
52 
53 #define LOG_CF_WRITE_STAR_SEPATATOR(buffer) \
54  MemBufferWriteString(buffer, LOG_CF_STAR_SEPARATOR);
55 
56 #define LOG_CF_WRITE_SPACE_SEPARATOR(buffer) \
57  MemBufferWriteString(buffer, LOG_CF_SPACE_SEPARATOR);
58 
59 #define LOG_CF_WRITE_UNKNOWN_VALUE(buffer) \
60  MemBufferWriteString(buffer, LOG_CF_UNKNOWN_VALUE);
61 
62 /* Include */
63 #include "suricata-common.h"
64 #include "util-buffer.h"
65 
66 typedef struct LogCustomFormatNode_ {
67  uint32_t type; /**< Node format type. ie: LOG_CF_LITERAL, ... */
68  uint32_t maxlen; /**< Maximun length of the data */
69  char data[LOG_NODE_STRLEN]; /**< optional data. ie: http header name */
70 } LogCustomFormatNode;
71 
72 
73 typedef struct LogCustomFormat_ {
74  uint32_t cf_n; /**< Total number of custom string format nodes */
75  LogCustomFormatNode *cf_nodes[LOG_MAXN_NODES]; /**< Custom format string nodes */
76 } LogCustomFormat;
77 
78 LogCustomFormatNode * LogCustomFormatNodeAlloc(void);
79 LogCustomFormat * LogCustomFormatAlloc(void);
80 
81 void LogCustomFormatNodeFree(LogCustomFormatNode *node);
82 void LogCustomFormatFree(LogCustomFormat *cf);
83 
84 void LogCustomFormatAddNode(LogCustomFormat *cf, LogCustomFormatNode *node);
85 int LogCustomFormatParse(LogCustomFormat *cf, const char *format);
86 
87 void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts);
88 void LogCustomFormatRegister(void);
89 
90 #endif /* __LOG_CF_COMMON_H__ */
ts
uint64_t ts
Definition: source-erf-file.c:55
LogCustomFormatAddNode
void LogCustomFormatAddNode(LogCustomFormat *cf, LogCustomFormatNode *node)
Adds a node to custom format.
Definition: log-cf-common.c:185
LogCustomFormatFree
void LogCustomFormatFree(LogCustomFormat *cf)
Frees memory held by a custom format.
Definition: log-cf-common.c:80
LOG_MAXN_NODES
#define LOG_MAXN_NODES
Definition: log-cf-common.h:31
LogCustomFormatRegister
void LogCustomFormatRegister(void)
Definition: log-cf-common.c:271
LogCustomFormatWriteTimestamp
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts)
Writes a timestamp with given format into a MemBuffer.
Definition: log-cf-common.c:211
LogCustomFormat_::cf_n
uint32_t cf_n
Definition: log-cf-common.h:74
LogCustomFormatNode_
Definition: log-cf-common.h:66
LogCustomFormatNode_::type
uint32_t type
Definition: log-cf-common.h:67
LOG_NODE_STRLEN
#define LOG_NODE_STRLEN
Definition: log-cf-common.h:32
SCTime_t
Definition: util-time.h:40
LogCustomFormatParse
int LogCustomFormatParse(LogCustomFormat *cf, const char *format)
Parses and saves format nodes for custom format.
Definition: log-cf-common.c:96
LogCustomFormatNode
struct LogCustomFormatNode_ LogCustomFormatNode
LogCustomFormatNode_::maxlen
uint32_t maxlen
Definition: log-cf-common.h:68
MemBuffer_
Definition: util-buffer.h:27
LogCustomFormat_
Definition: log-cf-common.h:73
LogCustomFormatNode_::data
char data[LOG_NODE_STRLEN]
Definition: log-cf-common.h:69
LogCustomFormatNodeFree
void LogCustomFormatNodeFree(LogCustomFormatNode *node)
Frees memory held by a custom format node.
Definition: log-cf-common.c:68
suricata-common.h
LogCustomFormatNodeAlloc
LogCustomFormatNode * LogCustomFormatNodeAlloc(void)
Creates a custom format node.
Definition: log-cf-common.c:39
util-buffer.h
LogCustomFormat_::cf_nodes
LogCustomFormatNode * cf_nodes[LOG_MAXN_NODES]
Definition: log-cf-common.h:75
LogCustomFormatAlloc
LogCustomFormat * LogCustomFormatAlloc(void)
Creates a custom format.
Definition: log-cf-common.c:54
LogCustomFormat
struct LogCustomFormat_ LogCustomFormat