suricata
output-eve-null.c
Go to the documentation of this file.
1 /* Copyright (C) 2023 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Jeff Lucovsky <jlucovsky@oisf.net>
22  *
23  * File-like output for logging: null/discard device
24  */
25 
26 #include "suricata-common.h" /* errno.h, string.h, etc. */
27 
28 #include "output.h" /* DEFAULT_LOG_* */
29 #include "output-eve-null.h"
30 #include "output-eve.h"
31 
32 #ifdef OS_WIN32
33 void NullLogInitialize(void)
34 {
35 }
36 #else /* !OS_WIN32 */
37 
38 #define OUTPUT_NAME "nullsink"
39 
40 static int NullLogInit(const ConfNode *conf, const bool threaded, void **init_data)
41 {
42  *init_data = NULL;
43  return 0;
44 }
45 
46 static int NullLogWrite(
47  const char *buffer, const int buffer_len, const void *init_data, void *thread_data)
48 {
49  return 0;
50 }
51 
52 static int NullLogThreadInit(const void *init_data, const ThreadId thread_id, void **thread_data)
53 {
54  *thread_data = NULL;
55  return 0;
56 }
57 
58 static void NullLogThreadDeInit(const void *init_data, void *thread_data)
59 {
60 }
61 
62 static void NullLogDeInit(void *init_data)
63 {
64 }
65 
66 void NullLogInitialize(void)
67 {
68  SCLogDebug("Registering the %s logger", OUTPUT_NAME);
69 
70  SCEveFileType *file_type = SCCalloc(1, sizeof(SCEveFileType));
71 
72  if (file_type == NULL) {
73  FatalError("Unable to allocate memory for eve file type %s", OUTPUT_NAME);
74  }
75 
76  file_type->name = OUTPUT_NAME;
77  file_type->Init = NullLogInit;
78  file_type->Deinit = NullLogDeInit;
79  file_type->Write = NullLogWrite;
80  file_type->ThreadInit = NullLogThreadInit;
81  file_type->ThreadDeinit = NullLogThreadDeInit;
82  if (!SCRegisterEveFileType(file_type)) {
83  FatalError("Failed to register EVE file type: %s", OUTPUT_NAME);
84  }
85 }
86 #endif /* !OS_WIN32 */
SCEveFileType_::name
const char * name
The name of the output, used in the configuration.
Definition: output-eve.h:88
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
SCEveFileType_::Write
int(* Write)(const char *buffer, const int buffer_len, const void *init_data, void *thread_data)
Called for each EVE log record.
Definition: output-eve.h:143
output-eve-null.h
ThreadId
uint32_t ThreadId
Definition: output-eve.h:36
SCEveFileType_::ThreadDeinit
void(* ThreadDeinit)(const void *init_data, void *thread_data)
Called to deinitialize each thread.
Definition: output-eve.h:156
SCRegisterEveFileType
bool SCRegisterEveFileType(SCEveFileType *plugin)
Register an Eve file type.
Definition: output-eve.c:61
NullLogInitialize
void NullLogInitialize(void)
Definition: output-eve-null.c:66
suricata-common.h
SCEveFileType_::Deinit
void(* Deinit)(void *init_data)
Final call to deinitialize this filetype.
Definition: output-eve.h:166
FatalError
#define FatalError(...)
Definition: util-debug.h:502
output-eve.h
EVE logging subsystem.
ConfNode_
Definition: conf.h:32
OUTPUT_NAME
#define OUTPUT_NAME
Definition: output-eve-null.c:38
SCEveFileType_::Init
int(* Init)(const ConfNode *conf, const bool threaded, void **init_data)
Function to initialize this filetype.
Definition: output-eve.h:103
SCEveFileType_::ThreadInit
int(* ThreadInit)(const void *init_data, const ThreadId thread_id, void **thread_data)
Initialize thread specific data.
Definition: output-eve.h:124
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
output.h
SCEveFileType_
Structure used to define an EVE output file type plugin.
Definition: output-eve.h:73