suricata
output-eve.c
1 /* Copyright (C) 2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "output-eve.h"
19 #include "util-debug.h"
20 
/* Registry of EVE file types added at runtime: SCRegisterEveFileType() appends
 * descriptors to it and SCEveFindFileType() searches it by name. The list links
 * the caller's descriptor through its `entries` member rather than copying it.
 * NOTE(review): no locking is visible in this file -- confirm that registration
 * and lookup cannot run concurrently. */
static TAILQ_HEAD(, SCEveFileType_) output_types = TAILQ_HEAD_INITIALIZER(output_types);
22 
/**
 * \brief Check whether a name is one of the reserved built-in EVE file types.
 *
 * The comparison is an exact, case-sensitive strcmp() against the table below.
 *
 * \param name NUL-terminated type name; must not be NULL, as it is passed
 *             straight to strcmp().
 *
 * \retval true if the name equals a built-in type name, false otherwise.
 */
static bool IsBuiltinTypeName(const char *name)
{
    /* Names reserved for the outputs that ship with the engine. */
    static const char *const reserved[] = {
        "regular",
        "unix_dgram",
        "unix_stream",
        "redis",
    };
    const size_t count = sizeof(reserved) / sizeof(reserved[0]);

    for (size_t idx = 0; idx < count; idx++) {
        if (strcmp(reserved[idx], name) == 0) {
            return true;
        }
    }
    return false;
}
42 
/**
 * \brief Look up a registered EVE file type by name.
 *
 * Only the runtime registry (output_types) is searched, using an exact,
 * case-sensitive strcmp() match.
 *
 * \param name NUL-terminated type name; must not be NULL, as it is passed
 *             straight to strcmp().
 *
 * \retval pointer to the registered descriptor, or NULL if no entry matches.
 */
SCEveFileType *SCEveFindFileType(const char *name)
{
    SCEveFileType *match = NULL;
    SCEveFileType *candidate = NULL;

    TAILQ_FOREACH (candidate, &output_types, entries) {
        if (strcmp(name, candidate->name) == 0) {
            match = candidate;
            break;
        }
    }
    return match;
}
53 
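/**
 * \brief Register an Eve file type.
 *
 * The descriptor is linked into the registry by pointer (through its
 * `entries` member), not copied, so it has to remain valid for as long as it
 * can be looked up. Only the `name` member is inspected here.
 * NOTE(review): the remaining members of the descriptor are not validated in
 * this function -- confirm that callers or later users check them.
 *
 * \param plugin descriptor to register; a NULL descriptor or a NULL name is
 *               rejected.
 *
 * \retval true if registered successfully, false if the descriptor or its
 *         name is missing, or if the file type name conflicts with a
 *         built-in or previously registered file type.
 */
bool SCRegisterEveFileType(SCEveFileType *plugin)
{
    /* The descriptor comes from code outside this file; refuse it before
     * strcmp() below would dereference a NULL name. */
    if (plugin == NULL || plugin->name == NULL) {
        SCLogError("Eve file type registration is missing a descriptor or a name");
        return false;
    }

    /* First check that the name doesn't conflict with a built-in filetype. */
    if (IsBuiltinTypeName(plugin->name)) {
        SCLogError("Eve file type name conflicts with built-in type: %s", plugin->name);
        return false;
    }

    /* Now check against previously registered file types; the first
     * registration of a name wins and later ones are refused. */
    if (SCEveFindFileType(plugin->name) != NULL) {
        SCLogError("Eve file type name conflicts with previously registered type: %s",
                plugin->name);
        return false;
    }

    SCLogDebug("Registering EVE file type plugin %s", plugin->name);
    TAILQ_INSERT_TAIL(&output_types, plugin, entries);
    return true;
}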
SCEveFileType_::name
const char * name
The name of the output, used in the configuration.
Definition: output-eve.h:88
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
TAILQ_HEAD_INITIALIZER
#define TAILQ_HEAD_INITIALIZER(head)
Definition: queue.h:236
util-debug.h
SCRegisterEveFileType
bool SCRegisterEveFileType(SCEveFileType *plugin)
Register an Eve file type.
Definition: output-eve.c:61
output-eve.h
EVE logging subsystem.
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
TAILQ_HEAD
#define TAILQ_HEAD(name, type)
Definition: queue.h:230
SCEveFindFileType
SCEveFileType * SCEveFindFileType(const char *name)
Definition: output-eve.c:43
SCEveFileType_
Structure used to define an EVE output file type plugin.
Definition: output-eve.h:73