#include "app-layer-protos.h"
Go to the source code of this file.
Data Structures | |
| struct | EveJsonSimpleAppLayerLogger |
| struct | EveJsonTxLoggerRegistrationData |
| struct | SCEveFileType_ |
| Structure used to define an EVE output file type. More... | |
Typedefs | |
| typedef uint32_t | ThreadId |
| typedef enum SCOutputJsonLogDirection | SCOutputJsonLogDirection |
| typedef bool(* | EveJsonSimpleTxLogFunc) (const void *, void *) |
| typedef struct EveJsonSimpleAppLayerLogger | EveJsonSimpleAppLayerLogger |
| typedef struct EveJsonTxLoggerRegistrationData | EveJsonTxLoggerRegistrationData |
| typedef int(* | SCEveFileTypeInitFunc) (const SCConfNode *conf, const bool threaded, void **init_data) |
| Function type for EVE file-type initialization. More... | |
| typedef int(* | SCEveFileTypeThreadInitFunc) (const void *init_data, const ThreadId thread_id, void **thread_data) |
| Function type for EVE file-type thread initialization. More... | |
| typedef int(* | SCEveFileTypeWriteFunc) (const char *buffer, const int buffer_len, const void *init_data, void *thread_data) |
| Function type for EVE file-type writes. More... | |
| typedef void(* | SCEveFileTypeThreadDeinitFunc) (const void *init_data, void *thread_data) |
| Function type for EVE file-type thread deinitialization. More... | |
| typedef void(* | SCEveFileTypeDeinitFunc) (void *init_data) |
| Function type for EVE file-type deinitialization. More... | |
| typedef struct SCEveFileType_ | SCEveFileType |
| Structure used to define an EVE output file type. More... | |
Enumerations | |
| enum | SCOutputJsonLogDirection { LOG_DIR_PACKET = 0, LOG_DIR_FLOW, LOG_DIR_FLOW_TOCLIENT, LOG_DIR_FLOW_TOSERVER, LOG_DIR_PACKET = 0, LOG_DIR_FLOW, LOG_DIR_FLOW_TOCLIENT, LOG_DIR_FLOW_TOSERVER } |
Functions | |
| EveJsonSimpleAppLayerLogger * | SCEveJsonSimpleGetLogger (AppProto alproto) |
| int | SCOutputEvePreRegisterLogger (EveJsonTxLoggerRegistrationData reg_data) |
| bool | SCRegisterEveFileType (SCEveFileType *) |
| Register an Eve file type. More... | |
Detailed Description
This file contains definitions that should be made available to rust via bindgen.
Definition in file output-eve-bindgen.h.
Typedef Documentation
◆ EveJsonSimpleAppLayerLogger
| typedef struct EveJsonSimpleAppLayerLogger EveJsonSimpleAppLayerLogger |
◆ EveJsonSimpleTxLogFunc
| typedef bool(* EveJsonSimpleTxLogFunc) (const void *, void *) |
Definition at line 40 of file output-eve-bindgen.h.
◆ EveJsonTxLoggerRegistrationData
| typedef struct EveJsonTxLoggerRegistrationData EveJsonTxLoggerRegistrationData |
◆ SCEveFileType
| typedef struct SCEveFileType_ SCEveFileType |
Structure used to define an EVE output file type.
EVE filetypes implement an object with a file-like interface and are used to output EVE log records to files, syslog, or database. They can be built-in such as the syslog (see SyslogInitialize()) and nullsink (see NullLogInitialize()) outputs, registered by a library user or dynamically loaded as a plugin.
The life cycle of an EVE filetype is:
- Init: called once for each EVE instance using this filetype
- ThreadInit: called once for each output thread
- Write: called for each log record
- ThreadDeinit: called once for each output thread on exit
- Deinit: called once for each EVE instance using this filetype on exit
Examples:
- built-in syslog: src/output-eve-syslog.c
- built-in nullsink: src/output-eve-null.c
- example plugin: examples/plugins/c-json-filetype/filetype.c
Multi-Threaded Note:
The EVE logging system can be configured by the Suricata user to run in threaded or non-threaded modes. In the default non-threaded mode, ThreadInit will only be called once and the filetype does not need to be concerned with threads.
However, in threaded mode, ThreadInit will be called multiple times and the filetype needs to be thread aware and thread-safe. If utilizing a unique resource such as a file for each thread then you may be naturally thread safe. However, if sharing a single file handle across all threads then your filetype will have to take care of locking, etc.
◆ SCEveFileTypeDeinitFunc
| typedef void(* SCEveFileTypeDeinitFunc) (void *init_data) |
Function type for EVE file-type deinitialization.
Definition at line 74 of file output-eve-bindgen.h.
◆ SCEveFileTypeInitFunc
| typedef int(* SCEveFileTypeInitFunc) (const SCConfNode *conf, const bool threaded, void **init_data) |
Function type for EVE file-type initialization.
Definition at line 60 of file output-eve-bindgen.h.
◆ SCEveFileTypeThreadDeinitFunc
| typedef void(* SCEveFileTypeThreadDeinitFunc) (const void *init_data, void *thread_data) |
Function type for EVE file-type thread deinitialization.
Definition at line 71 of file output-eve-bindgen.h.
◆ SCEveFileTypeThreadInitFunc
| typedef int(* SCEveFileTypeThreadInitFunc) (const void *init_data, const ThreadId thread_id, void **thread_data) |
Function type for EVE file-type thread initialization.
Definition at line 63 of file output-eve-bindgen.h.
◆ SCEveFileTypeWriteFunc
| typedef int(* SCEveFileTypeWriteFunc) (const char *buffer, const int buffer_len, const void *init_data, void *thread_data) |
Function type for EVE file-type writes.
Definition at line 67 of file output-eve-bindgen.h.
◆ SCOutputJsonLogDirection
| typedef enum SCOutputJsonLogDirection SCOutputJsonLogDirection |
◆ ThreadId
| typedef uint32_t ThreadId |
Definition at line 31 of file output-eve-bindgen.h.
Enumeration Type Documentation
◆ SCOutputJsonLogDirection
| Enumerator | |
|---|---|
| LOG_DIR_PACKET | |
| LOG_DIR_FLOW | |
| LOG_DIR_FLOW_TOCLIENT | |
| LOG_DIR_FLOW_TOSERVER | |
| LOG_DIR_PACKET | |
| LOG_DIR_FLOW | |
| LOG_DIR_FLOW_TOCLIENT | |
| LOG_DIR_FLOW_TOSERVER | |
Definition at line 33 of file output-eve-bindgen.h.
Function Documentation
◆ SCEveJsonSimpleGetLogger()
| EveJsonSimpleAppLayerLogger* SCEveJsonSimpleGetLogger | ( | AppProto | alproto | ) |
◆ SCOutputEvePreRegisterLogger()
| int SCOutputEvePreRegisterLogger | ( | EveJsonTxLoggerRegistrationData | reg_data | ) |
◆ SCRegisterEveFileType()
| bool SCRegisterEveFileType | ( | SCEveFileType * | plugin | ) |
Register an Eve file type.
- Return values
-
true if registered successfully, false if the file type name conflicts with a built-in or previously registered file type.
Definition at line 100 of file output-eve.c.
