suricata
output-filestore.c
Go to the documentation of this file.
1 /* Copyright (C) 2018-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "output-filestore.h"
20 
21 #include "stream-tcp.h"
22 
23 #include "feature.h"
24 
25 #include "output.h"
26 #include "output-json-file.h"
27 
28 #include "util-conf.h"
29 #include "util-misc.h"
30 #include "util-path.h"
31 #include "util-print.h"
32 
33 #define MODULE_NAME "OutputFilestore"
34 
35 /* Create a filestore specific PATH_MAX that is less than the system
36  * PATH_MAX to prevent newer gcc truncation warnings with snprint. */
37 #define SHA256_STRING_LEN (SC_SHA256_LEN * 2)
38 #define LEAF_DIR_MAX_LEN 4
39 #define FILESTORE_PREFIX_MAX (PATH_MAX - SHA256_STRING_LEN - LEAF_DIR_MAX_LEN)
40 
41 /* The default log directory, relative to the default log
42  * directory. */
43 static const char *default_log_dir = "filestore";
44 
45 /* Atomic counter of simultaneously open files. */
46 static SC_ATOMIC_DECLARE(uint32_t, filestore_open_file_cnt);
47 
48 typedef struct OutputFilestoreCtx_ {
51  bool fileinfo;
54 
55 typedef struct OutputFilestoreLogThread_ {
57  uint16_t counter_max_hits;
58  uint16_t fs_error_counter;
60 
67 
69 };
70 
71 /* For WARN_ONCE, a record of warnings that have already been
72  * issued. */
73 static thread_local bool once_errs[WOT_MAX];
74 
75 #define WARN_ONCE(wot_type, ...) \
76  do { \
77  if (!once_errs[wot_type]) { \
78  once_errs[wot_type] = true; \
79  SCLogWarning(__VA_ARGS__); \
80  } \
81  } while (0)
82 
83 static uint64_t OutputFilestoreOpenFilesCounter(void)
84 {
85  return SC_ATOMIC_GET(filestore_open_file_cnt);
86 }
87 
88 static uint32_t g_file_store_max_open_files = 0;
89 
90 static void FileSetMaxOpenFiles(uint32_t count)
91 {
92  g_file_store_max_open_files = count;
93 }
94 
95 static uint32_t FileGetMaxOpenFiles(void)
96 {
97  return g_file_store_max_open_files;
98 }
99 
100 /**
101  * \brief Update the timestamps on a file to match those of another
102  * file.
103  *
104  * \param src_filename Filename to use as timestamp source.
105  * \param filename Filename to apply timestamps to.
106  */
107 static void OutputFilestoreUpdateFileTime(const char *src_filename,
108  const char *filename)
109 {
110  struct stat sb;
111  if (stat(src_filename, &sb) != 0) {
112  SCLogDebug("Failed to stat %s: %s", filename, strerror(errno));
113  return;
114  }
115  struct utimbuf utimbuf = {
116  .actime = sb.st_atime,
117  .modtime = sb.st_mtime,
118  };
119  if (utime(filename, &utimbuf) != 0) {
120  SCLogDebug("Failed to update file timestamps: %s: %s", filename,
121  strerror(errno));
122  }
123 }
124 
125 static void OutputFilestoreFinalizeFiles(ThreadVars *tv, const OutputFilestoreLogThread *oft,
126  const OutputFilestoreCtx *ctx, const Packet *p, File *ff, void *tx, const uint64_t tx_id,
127  uint8_t dir)
128 {
129  /* Stringify the SHA256 which will be used in the final
130  * filename. */
131  char sha256string[(SC_SHA256_LEN * 2) + 1];
132  PrintHexString(sha256string, sizeof(sha256string), ff->sha256,
133  sizeof(ff->sha256));
134 
135  char tmp_filename[PATH_MAX] = "";
136  snprintf(tmp_filename, sizeof(tmp_filename), "%s/file.%u", ctx->tmpdir,
137  ff->file_store_id);
138 
139  char final_filename[PATH_MAX] = "";
140  snprintf(final_filename, sizeof(final_filename), "%s/%c%c/%s",
141  ctx->prefix, sha256string[0], sha256string[1], sha256string);
142 
143  if (SCPathExists(final_filename)) {
144  OutputFilestoreUpdateFileTime(tmp_filename, final_filename);
145  if (unlink(tmp_filename) != 0) {
147  WARN_ONCE(WOT_UNLINK, "Failed to remove temporary file %s: %s", tmp_filename,
148  strerror(errno));
149  }
150  } else if (rename(tmp_filename, final_filename) != 0) {
152  WARN_ONCE(WOT_RENAME, "Failed to rename %s to %s: %s", tmp_filename, final_filename,
153  strerror(errno));
154  if (unlink(tmp_filename) != 0) {
155  /* Just increment, don't log as has_fs_errors would
156  * already be set above. */
158  }
159  return;
160  }
161 
162  if (ctx->fileinfo) {
163  char js_metadata_filename[PATH_MAX];
164  if (snprintf(js_metadata_filename, sizeof(js_metadata_filename), "%s.%" PRIuMAX ".%u.json",
165  final_filename, (uintmax_t)SCTIME_SECS(p->ts),
166  ff->file_store_id) == (int)sizeof(js_metadata_filename)) {
167  WARN_ONCE(WOT_SNPRINTF, "Failed to write file info record. Output filename truncated.");
168  } else {
169  JsonBuilder *js_fileinfo =
170  JsonBuildFileInfoRecord(p, ff, tx, tx_id, true, dir, ctx->xff_cfg, NULL);
171  if (likely(js_fileinfo != NULL)) {
172  jb_close(js_fileinfo);
173  FILE *out = fopen(js_metadata_filename, "w");
174  if (out != NULL) {
175  size_t js_len = jb_len(js_fileinfo);
176  fwrite(jb_ptr(js_fileinfo), js_len, 1, out);
177  fclose(out);
178  }
179  jb_free(js_fileinfo);
180  }
181  }
182  }
183 }
184 
185 static int OutputFilestoreLogger(ThreadVars *tv, void *thread_data, const Packet *p, File *ff,
186  void *tx, const uint64_t tx_id, const uint8_t *data, uint32_t data_len, uint8_t flags,
187  uint8_t dir)
188 {
189  SCEnter();
191  OutputFilestoreCtx *ctx = aft->ctx;
192  char filename[PATH_MAX] = "";
193  int file_fd = -1;
194 
195  SCLogDebug("ff %p, data %p, data_len %u", ff, data, data_len);
196 
197  char base_filename[PATH_MAX] = "";
198  snprintf(base_filename, sizeof(base_filename), "%s/file.%u",
199  ctx->tmpdir, ff->file_store_id);
200  snprintf(filename, sizeof(filename), "%s", base_filename);
201 
203  file_fd = open(filename, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY,
204  0644);
205  if (file_fd == -1) {
207  SCLogWarning("Filestore (v2) failed to create %s: %s", filename, strerror(errno));
208  return -1;
209  }
210 
211  if (SC_ATOMIC_GET(filestore_open_file_cnt) < FileGetMaxOpenFiles()) {
212  SC_ATOMIC_ADD(filestore_open_file_cnt, 1);
213  ff->fd = file_fd;
214  } else {
215  if (FileGetMaxOpenFiles() > 0) {
217  }
218  ff->fd = -1;
219  }
220  /* we can get called with a NULL ffd when we need to close */
221  } else if (data != NULL) {
222  if (ff->fd == -1) {
223  file_fd = open(filename, O_APPEND | O_NOFOLLOW | O_WRONLY);
224  if (file_fd == -1) {
226  WARN_ONCE(WOT_OPEN, "Filestore (v2) failed to open file %s: %s", filename,
227  strerror(errno));
228  return -1;
229  }
230  } else {
231  file_fd = ff->fd;
232  }
233  }
234 
235  if (file_fd != -1) {
236  ssize_t r = write(file_fd, (const void *)data, (size_t)data_len);
237  if (r == -1) {
239  WARN_ONCE(WOT_WRITE, "Filestore (v2) failed to write to %s: %s", filename,
240  strerror(errno));
241  if (ff->fd != -1) {
242  SC_ATOMIC_SUB(filestore_open_file_cnt, 1);
243  }
244  ff->fd = -1;
245  }
246  if (ff->fd == -1) {
247  close(file_fd);
248  }
249  }
250 
252  if (ff->fd != -1) {
253  close(ff->fd);
254  ff->fd = -1;
255  SC_ATOMIC_SUB(filestore_open_file_cnt, 1);
256  }
257  OutputFilestoreFinalizeFiles(tv, aft, ctx, p, ff, tx, tx_id, dir);
258  }
259 
260  return 0;
261 }
262 
263 static TmEcode OutputFilestoreLogThreadInit(ThreadVars *t, const void *initdata,
264  void **data)
265 {
267  if (unlikely(aft == NULL))
268  return TM_ECODE_FAILED;
269  memset(aft, 0, sizeof(OutputFilestoreLogThread));
270 
271  if (initdata == NULL) {
272  SCLogDebug("Error getting context for LogFileStore. \"initdata\" argument NULL");
273  SCFree(aft);
274  return TM_ECODE_FAILED;
275  }
276 
277  OutputFilestoreCtx *ctx = ((OutputCtx *)initdata)->data;
278  aft->ctx = ctx;
279 
280  aft->counter_max_hits =
281  StatsRegisterCounter("file_store.open_files_max_hit", t);
282 
283  /* File system type errors (open, write, rename) will only be
284  * logged once. But this stat will be incremented for every
285  * occurence. */
286  aft->fs_error_counter = StatsRegisterCounter("file_store.fs_errors", t);
287 
288  *data = (void *)aft;
289  return TM_ECODE_OK;
290 }
291 
292 static TmEcode OutputFilestoreLogThreadDeinit(ThreadVars *t, void *data)
293 {
295  if (aft == NULL) {
296  return TM_ECODE_OK;
297  }
298 
299  /* clear memory */
300  memset(aft, 0, sizeof(OutputFilestoreLogThread));
301 
302  SCFree(aft);
303  return TM_ECODE_OK;
304 }
305 
306 static void OutputFilestoreLogDeInitCtx(OutputCtx *output_ctx)
307 {
308  OutputFilestoreCtx *ctx = (OutputFilestoreCtx *)output_ctx->data;
309  if (ctx->xff_cfg != NULL) {
310  SCFree(ctx->xff_cfg);
311  }
312  SCFree(ctx);
313  SCFree(output_ctx);
314 }
315 
316 static void GetLogDirectory(const ConfNode *conf, char *out, size_t out_size)
317 {
318  const char *log_base_dir = ConfNodeLookupChildValue(conf, "dir");
319  if (log_base_dir == NULL) {
320  SCLogConfig("Filestore (v2) default log directory %s", default_log_dir);
321  log_base_dir = default_log_dir;
322  }
323  if (PathIsAbsolute(log_base_dir)) {
324  strlcpy(out, log_base_dir, out_size);
325  } else {
326  const char *default_log_prefix = ConfigGetLogDirectory();
327  snprintf(out, out_size, "%s/%s", default_log_prefix, log_base_dir);
328  }
329 }
330 
331 static bool InitFilestoreDirectory(const char *dir)
332 {
333  const uint8_t dir_count = 0xff;
334 
335  if (!SCPathExists(dir)) {
336  SCLogInfo("Filestore (v2) creating directory %s", dir);
337  if (SCCreateDirectoryTree(dir, true) != 0) {
338  SCLogError("Filestore (v2) failed to create directory %s: %s", dir, strerror(errno));
339  return false;
340  }
341  }
342 
343  for (int i = 0; i <= dir_count; i++) {
344  char leaf[PATH_MAX];
345  int n = snprintf(leaf, sizeof(leaf), "%s/%02x", dir, i);
346  if (n < 0 || n >= PATH_MAX) {
347  SCLogError("Filestore (v2) failed to create leaf directory: "
348  "path too long");
349  return false;
350  }
351  if (!SCPathExists(leaf)) {
352  SCLogInfo("Filestore (v2) creating directory %s", leaf);
353  if (SCDefaultMkDir(leaf) != 0) {
354  SCLogError(
355  "Filestore (v2) failed to create directory %s: %s", leaf, strerror(errno));
356  return false;
357  }
358  }
359  }
360 
361  /* Make sure the tmp directory exists. */
362  char tmpdir[PATH_MAX];
363  int n = snprintf(tmpdir, sizeof(tmpdir), "%s/tmp", dir);
364  if (n < 0 || n >= PATH_MAX) {
365  SCLogError("Filestore (v2) failed to create tmp directory: path too long");
366  return false;
367  }
368  if (!SCPathExists(tmpdir)) {
369  SCLogInfo("Filestore (v2) creating directory %s", tmpdir);
370  if (SCDefaultMkDir(tmpdir) != 0) {
371  SCLogError("Filestore (v2) failed to create directory %s: %s", tmpdir, strerror(errno));
372  return false;
373  }
374  }
375 
376  return true;
377 }
378 
379 /** \brief Create a new http log OutputFilestoreCtx.
380  * \param conf Pointer to ConfNode containing this loggers configuration.
381  * \return NULL if failure, OutputFilestoreCtx* to the file_ctx if succesful
382  * */
383 static OutputInitResult OutputFilestoreLogInitCtx(ConfNode *conf)
384 {
385  OutputInitResult result = { NULL, false };
386 
387  intmax_t version = 0;
388  if (!ConfGetChildValueInt(conf, "version", &version) || version < 2) {
389  SCLogWarning("File-store v1 has been removed. Please update to file-store v2.");
390  return result;
391  }
392 
394  SCLogWarning("A file data logger is already enabled. Filestore (v2) "
395  "will not be enabled.");
396  return result;
397  }
398 
399  char log_directory[PATH_MAX] = "";
400  GetLogDirectory(conf, log_directory, sizeof(log_directory));
401  if (!InitFilestoreDirectory(log_directory)) {
402  return result;
403  }
404 
405  OutputFilestoreCtx *ctx = SCCalloc(1, sizeof(*ctx));
406  if (unlikely(ctx == NULL)) {
407  return result;
408  }
409 
410  strlcpy(ctx->prefix, log_directory, sizeof(ctx->prefix));
411  int written = snprintf(ctx->tmpdir, sizeof(ctx->tmpdir) - 1, "%s/tmp",
412  log_directory);
413  if (written == sizeof(ctx->tmpdir)) {
414  SCLogError("File-store output directory overflow.");
415  SCFree(ctx);
416  return result;
417  }
418 
419  ctx->xff_cfg = SCCalloc(1, sizeof(HttpXFFCfg));
420  if (ctx->xff_cfg != NULL) {
421  HttpXFFGetCfg(conf, ctx->xff_cfg);
422  }
423 
424  OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
425  if (unlikely(output_ctx == NULL)) {
426  SCFree(ctx);
427  return result;
428  }
429 
430  output_ctx->data = ctx;
431  output_ctx->DeInit = OutputFilestoreLogDeInitCtx;
432 
433  const char *write_fileinfo = ConfNodeLookupChildValue(conf,
434  "write-fileinfo");
435  if (write_fileinfo != NULL && ConfValIsTrue(write_fileinfo)) {
436  SCLogConfig("Filestore (v2) will output fileinfo records.");
437  ctx->fileinfo = true;
438  }
439 
440  const char *force_filestore = ConfNodeLookupChildValue(conf,
441  "force-filestore");
442  if (force_filestore != NULL && ConfValIsTrue(force_filestore)) {
444  SCLogInfo("forcing filestore of all files");
445  }
446 
447  const char *force_magic = ConfNodeLookupChildValue(conf, "force-magic");
448  if (force_magic != NULL && ConfValIsTrue(force_magic)) {
450  SCLogConfig("Filestore (v2) forcing magic lookup for stored files");
451  }
452 
453  FileForceHashParseCfg(conf);
454 
455  /* The new filestore requires SHA256. */
457 
459 
460  const char *stream_depth_str = ConfNodeLookupChildValue(conf,
461  "stream-depth");
462  if (stream_depth_str != NULL && strcmp(stream_depth_str, "no")) {
463  uint32_t stream_depth = 0;
464  if (ParseSizeStringU32(stream_depth_str,
465  &stream_depth) < 0) {
466  SCLogError("Error parsing "
467  "file-store.stream-depth "
468  "from conf file - %s. Killing engine",
469  stream_depth_str);
470  exit(EXIT_FAILURE);
471  }
472  if (stream_depth) {
473  if (stream_depth <= stream_config.reassembly_depth) {
474  SCLogWarning("file-store.stream-depth value %" PRIu32 " has "
475  "no effect since it's less than stream.reassembly.depth "
476  "value.",
477  stream_depth);
478  } else {
479  FileReassemblyDepthEnable(stream_depth);
480  }
481  }
482  }
483 
484  const char *file_count_str = ConfNodeLookupChildValue(conf,
485  "max-open-files");
486  if (file_count_str != NULL) {
487  uint32_t file_count = 0;
488  if (ParseSizeStringU32(file_count_str,
489  &file_count) < 0) {
490  SCLogError("Error parsing "
491  "file-store.max-open-files "
492  "from conf file - %s. Killing engine",
493  file_count_str);
494  exit(EXIT_FAILURE);
495  } else {
496  if (file_count != 0) {
497  FileSetMaxOpenFiles(file_count);
498  SCLogConfig("Filestore (v2) will keep a max of %d "
499  "simultaneously open files", file_count);
500  }
501  }
502  }
503 
504  result.ctx = output_ctx;
505  result.ok = true;
506  SCReturnCT(result, "OutputInitResult");
507 }
508 
510 {
512  OutputFilestoreLogInitCtx, OutputFilestoreLogger,
513  OutputFilestoreLogThreadInit, OutputFilestoreLogThreadDeinit,
514  NULL);
515 
516  SC_ATOMIC_INIT(filestore_open_file_cnt);
517  SC_ATOMIC_SET(filestore_open_file_cnt, 0);
518 }
519 
521 {
522  StatsRegisterGlobalCounter("file_store.open_files", OutputFilestoreOpenFilesCounter);
523 }
ConfGetChildValueInt
int ConfGetChildValueInt(const ConfNode *base, const char *name, intmax_t *val)
Definition: conf.c:432
OutputFilestoreCtx_::prefix
char prefix[FILESTORE_PREFIX_MAX]
Definition: output-filestore.c:49
O_NOFOLLOW
#define O_NOFOLLOW
Definition: win32-misc.h:30
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:167
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
FileReassemblyDepthEnable
void FileReassemblyDepthEnable(uint32_t size)
Definition: util-file.c:127
stream-tcp.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
OutputFilestoreCtx_::tmpdir
char tmpdir[FILESTORE_PREFIX_MAX]
Definition: output-filestore.c:50
StatsRegisterGlobalCounter
uint16_t StatsRegisterGlobalCounter(const char *name, uint64_t(*Func)(void))
Registers a counter, which represents a global value.
Definition: counters.c:1013
WOT_MAX
@ WOT_MAX
Definition: output-filestore.c:68
OutputFilestoreCtx_::fileinfo
bool fileinfo
Definition: output-filestore.c:51
OutputFilestoreLogThread_::fs_error_counter
uint16_t fs_error_counter
Definition: output-filestore.c:58
TcpStreamCnf_::reassembly_depth
uint32_t reassembly_depth
Definition: stream-tcp.h:61
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:333
File_::file_store_id
uint32_t file_store_id
Definition: util-file.h:85
PrintHexString
void PrintHexString(char *str, size_t size, uint8_t *buf, size_t buf_len)
Definition: util-print.c:298
FileForceMagicEnable
void FileForceMagicEnable(void)
Definition: util-file.c:98
OutputFilestoreCtx_::xff_cfg
HttpXFFCfg * xff_cfg
Definition: output-filestore.c:52
stream_config
TcpStreamCnf stream_config
Definition: stream-tcp.c:115
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
WOT_OPEN
@ WOT_OPEN
Definition: output-filestore.c:62
OutputFilestoreCtx_
Definition: output-filestore.c:48
OUTPUT_FILEDATA_FLAG_CLOSE
#define OUTPUT_FILEDATA_FLAG_CLOSE
Definition: output-filedata.h:30
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:531
OutputCtx_::data
void * data
Definition: tm-modules.h:81
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
SCDefaultMkDir
int SCDefaultMkDir(const char *path)
Wrapper around SCMkDir with default mode arguments.
Definition: util-path.c:109
OutputCtx_
Definition: tm-modules.h:78
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
OutputFilestoreLogThread_
Definition: output-filestore.c:55
feature.h
WARN_ONCE
#define WARN_ONCE(wot_type,...)
Definition: output-filestore.c:75
OutputFilestoreCtx
struct OutputFilestoreCtx_ OutputFilestoreCtx
SC_SHA256_LEN
#define SC_SHA256_LEN
Definition: rust.h:33
OutputInitResult_::ctx
OutputCtx * ctx
Definition: output.h:47
Packet_::ts
SCTime_t ts
Definition: decode.h:471
File_::fd
int fd
Definition: util-file.h:86
output-json-file.h
WOT_WRITE
@ WOT_WRITE
Definition: output-filestore.c:63
util-print.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
OutputInitResult_::ok
bool ok
Definition: output.h:48
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
OutputFilestoreRegister
void OutputFilestoreRegister(void)
Definition: output-filestore.c:509
SC_ATOMIC_SUB
#define SC_ATOMIC_SUB(name, val)
sub a value from our atomic variable
Definition: util-atomic.h:342
SC_ATOMIC_DECLARE
#define SC_ATOMIC_DECLARE(type, name)
wrapper for declaring atomic variables.
Definition: util-atomic.h:281
Packet_
Definition: decode.h:428
JsonBuildFileInfoRecord
JsonBuilder * JsonBuildFileInfoRecord(const Packet *p, const File *ff, void *tx, const uint64_t tx_id, const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg, OutputJsonCtx *eve_ctx)
Definition: output-json-file.c:83
TmEcode
TmEcode
Definition: tm-threads-common.h:83
HttpXFFCfg_
Definition: app-layer-htp-xff.h:41
OutputFilestoreLogThread_::counter_max_hits
uint16_t counter_max_hits
Definition: output-filestore.c:57
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
FILESTORE_PREFIX_MAX
#define FILESTORE_PREFIX_MAX
Definition: output-filestore.c:39
SCPathExists
bool SCPathExists(const char *path)
Check if a path exists.
Definition: util-path.c:169
WOT_SNPRINTF
@ WOT_SNPRINTF
Definition: output-filestore.c:66
File_
Definition: util-file.h:79
OutputInitResult_
Definition: output.h:46
util-conf.h
FEATURE_OUTPUT_FILESTORE
#define FEATURE_OUTPUT_FILESTORE
Definition: feature.h:28
OutputRegisterFiledataModule
void OutputRegisterFiledataModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, FiledataLogger FiledataLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a file data output module.
Definition: output.c:507
flags
uint8_t flags
Definition: decode-gre.h:0
suricata-common.h
FileForceFilestoreEnable
void FileForceFilestoreEnable(void)
Definition: util-file.c:92
OutputCtx_::DeInit
void(* DeInit)(struct OutputCtx_ *)
Definition: tm-modules.h:84
util-path.h
WOT_RENAME
@ WOT_RENAME
Definition: output-filestore.c:65
OUTPUT_FILEDATA_FLAG_OPEN
#define OUTPUT_FILEDATA_FLAG_OPEN
Definition: output-filedata.h:29
FileForceHashParseCfg
void FileForceHashParseCfg(ConfNode *conf)
Function to parse forced file hashing configuration.
Definition: util-file.c:170
SCTIME_SECS
#define SCTIME_SECS(t)
Definition: util-time.h:51
PathIsAbsolute
int PathIsAbsolute(const char *path)
Check if a path is absolute.
Definition: util-path.c:44
version
uint8_t version
Definition: decode-gre.h:1
output-filestore.h
WarnOnceTypes
WarnOnceTypes
Definition: output-filestore.c:61
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
File_::sha256
uint8_t sha256[SC_SHA256_LEN]
Definition: util-file.h:98
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:181
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
ConfigGetLogDirectory
const char * ConfigGetLogDirectory(void)
Definition: util-conf.c:37
MODULE_NAME
#define MODULE_NAME
Definition: output-filestore.c:33
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
OutputFilestoreLogThread
struct OutputFilestoreLogThread_ OutputFilestoreLogThread
LOGGER_FILE_STORE
@ LOGGER_FILE_STORE
Definition: suricata-common.h:471
WOT_UNLINK
@ WOT_UNLINK
Definition: output-filestore.c:64
ProvidesFeature
void ProvidesFeature(const char *feature_name)
Definition: feature.c:111
SCReturnCT
#define SCReturnCT(x, type)
Definition: util-debug.h:285
OutputFilestoreLogThread_::ctx
OutputFilestoreCtx * ctx
Definition: output-filestore.c:56
HttpXFFGetCfg
void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
Function to return XFF configuration from a configuration node.
Definition: app-layer-htp-xff.c:205
likely
#define likely(expr)
Definition: util-optimize.h:32
RunModeOutputFiledataEnabled
int RunModeOutputFiledataEnabled(void)
Definition: runmodes.c:558
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:520
FileForceSha256Enable
void FileForceSha256Enable(void)
Definition: util-file.c:116
SC_ATOMIC_GET
#define SC_ATOMIC_GET(name)
Get the value from the atomic variable.
Definition: util-atomic.h:376
util-misc.h
StatsRegisterCounter
uint16_t StatsRegisterCounter(const char *name, struct ThreadVars_ *tv)
Registers a normal, unqualified counter.
Definition: counters.c:955
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
output.h
SCCreateDirectoryTree
int SCCreateDirectoryTree(const char *path, const bool final)
Recursively create a directory.
Definition: util-path.c:123
ConfNodeLookupChildValue
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:808