suricata
output.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Endace Technology Limited, Jason Ish <jason.ish@endace.com>
22  */
23 
24 #ifndef SURICATA_OUTPUT_H
25 #define SURICATA_OUTPUT_H
26 
27 #include "decode.h"
28 #include "tm-modules.h"
29 
30 #define DEFAULT_LOG_MODE_APPEND "yes"
31 #define DEFAULT_LOG_FILETYPE "regular"
32 
33 typedef struct OutputLoggerThreadStore_ {
34  void *thread_data;
35  struct OutputLoggerThreadStore_ *next;
36 } OutputLoggerThreadStore;
37 
38 #include "output-packet.h"
39 #include "output-tx.h"
40 #include "output-file.h"
41 #include "output-filedata.h"
42 #include "output-flow.h"
43 #include "output-streaming.h"
44 #include "output-stats.h"
45 
46 typedef struct OutputInitResult_ {
47  OutputCtx *ctx;
48  bool ok;
49 } OutputInitResult;
50 
51 typedef OutputInitResult (*OutputInitFunc)(ConfNode *);
52 typedef OutputInitResult (*OutputInitSubFunc)(ConfNode *, OutputCtx *);
53 typedef TmEcode (*OutputLogFunc)(ThreadVars *, Packet *, void *);
54 typedef uint32_t (*OutputGetActiveCountFunc)(void);
55 
56 typedef struct OutputModule_ {
57  LoggerId logger_id;
58  const char *name;
59  const char *conf_name;
60  const char *parent_name;
61  OutputInitFunc InitFunc;
62  OutputInitSubFunc InitSubFunc;
63 
64  ThreadInitFunc ThreadInit;
65  ThreadDeinitFunc ThreadDeinit;
66 
67  PacketLogger PacketLogFunc;
68  PacketLogCondition PacketConditionFunc;
69  TxLogger TxLogFunc;
70  TxLoggerCondition TxLogCondition;
71  SCFileLogger FileLogFunc;
72  SCFiledataLogger FiledataLogFunc;
73  FlowLogger FlowLogFunc;
74  SCStreamingLogger StreamingLogFunc;
75  StatsLogger StatsLogFunc;
76  AppProto alproto;
77  enum SCOutputStreamingType stream_type;
78  int tc_log_progress;
79  int ts_log_progress;
80 
81  TAILQ_ENTRY(OutputModule_) entries;
82 } OutputModule;
83 
84 typedef TAILQ_HEAD(OutputModuleList_, OutputModule_) OutputModuleList;
85 extern OutputModuleList output_modules;
86 
87 void OutputRegisterModule(const char *, const char *, OutputInitFunc);
88 
89 void OutputRegisterPacketModule(LoggerId id, const char *name, const char *conf_name,
90  OutputInitFunc InitFunc, PacketLogger LogFunc, PacketLogCondition ConditionFunc,
91  ThreadInitFunc, ThreadDeinitFunc);
92 void OutputRegisterPacketSubModule(LoggerId id, const char *parent_name, const char *name,
93  const char *conf_name, OutputInitSubFunc InitFunc, PacketLogger LogFunc,
94  PacketLogCondition ConditionFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
95 
96 void OutputRegisterTxModule(LoggerId id, const char *name, const char *conf_name,
97  OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit,
98  ThreadDeinitFunc ThreadDeinit);
99 void OutputRegisterTxSubModule(LoggerId id, const char *parent_name, const char *name,
100  const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
101  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
102 
103 void OutputRegisterTxModuleWithCondition(LoggerId id, const char *name, const char *conf_name,
104  OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
105  TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
106 void OutputRegisterTxSubModuleWithCondition(LoggerId id, const char *parent_name, const char *name,
107  const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
108  TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
109 
110 void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name,
111  OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress,
112  int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
113 void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name,
114  const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
115  int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit,
116  ThreadDeinitFunc ThreadDeinit);
117 
118 void OutputRegisterFileSubModule(LoggerId id, const char *parent_name, const char *name,
119  const char *conf_name, OutputInitSubFunc InitFunc, SCFileLogger FileLogFunc,
120  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
121 
122 void OutputRegisterFiledataModule(LoggerId id, const char *name, const char *conf_name,
123  OutputInitFunc InitFunc, SCFiledataLogger FiledataLogFunc, ThreadInitFunc ThreadInit,
124  ThreadDeinitFunc ThreadDeinit);
125 
126 void OutputRegisterFlowSubModule(LoggerId id, const char *parent_name, const char *name,
127  const char *conf_name, OutputInitSubFunc InitFunc, FlowLogger FlowLogFunc,
128  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
129 
130 void OutputRegisterStreamingModule(LoggerId id, const char *name, const char *conf_name,
131  OutputInitFunc InitFunc, SCStreamingLogger StreamingLogFunc,
132  enum SCOutputStreamingType stream_type, ThreadInitFunc ThreadInit,
133  ThreadDeinitFunc ThreadDeinit);
134 
135 void OutputRegisterStatsModule(LoggerId id, const char *name, const char *conf_name,
136  OutputInitFunc InitFunc, StatsLogger StatsLogFunc, ThreadInitFunc ThreadInit,
137  ThreadDeinitFunc ThreadDeinit);
138 void OutputRegisterStatsSubModule(LoggerId id, const char *parent_name, const char *name,
139  const char *conf_name, OutputInitSubFunc InitFunc, StatsLogger StatsLogFunc,
140  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
141 
142 OutputModule *OutputGetModuleByConfName(const char *name);
143 void OutputDeregisterAll(void);
144 
145 int OutputDropLoggerEnable(void);
146 void OutputDropLoggerDisable(void);
147 
148 void OutputRegisterFileRotationFlag(int *flag);
149 void OutputUnregisterFileRotationFlag(int *flag);
150 void OutputNotifyFileRotation(void);
151 
152 void OutputRegisterRootLogger(ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit,
153  OutputLogFunc LogFunc, OutputGetActiveCountFunc ActiveCntFunc);
154 void TmModuleLoggerRegister(void);
155 
156 TmEcode OutputLoggerLog(ThreadVars *, Packet *, void *);
157 TmEcode OutputLoggerThreadInit(ThreadVars *, const void *, void **);
158 TmEcode OutputLoggerThreadDeinit(ThreadVars *, void *);
159 void OutputLoggerExitPrintStats(ThreadVars *, void *);
160 
161 void OutputSetupActiveLoggers(void);
162 void OutputClearActiveLoggers(void);
163 
164 typedef bool (*EveJsonSimpleTxLogFunc)(void *, struct JsonBuilder *);
165 
166 typedef struct EveJsonSimpleAppLayerLogger {
167  EveJsonSimpleTxLogFunc LogTx;
168  const char *name;
169 } EveJsonSimpleAppLayerLogger;
170 
171 EveJsonSimpleAppLayerLogger *SCEveJsonSimpleGetLogger(AppProto alproto);
172 
173 #endif /* ! SURICATA_OUTPUT_H */
OutputModule_::parent_name
const char * parent_name
Definition: output.h:60
output-tx.h
OutputModule_::FileLogFunc
SCFileLogger FileLogFunc
Definition: output.h:71
OutputLogFunc
TmEcode(* OutputLogFunc)(ThreadVars *, Packet *, void *)
Definition: output.h:53
OutputLoggerThreadStore_
Definition: output.h:33
OutputLoggerThreadInit
TmEcode OutputLoggerThreadInit(ThreadVars *, const void *, void **)
Definition: output.c:722
TAILQ_HEAD
typedef TAILQ_HEAD(OutputModuleList_, OutputModule_) OutputModuleList
OutputRegisterTxModule
void OutputRegisterTxModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module.
Definition: output.c:369
OutputRegisterFileSubModule
void OutputRegisterFileSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, SCFileLogger FileLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a file output sub-module.
Definition: output.c:393
output-filedata.h
OutputModule
struct OutputModule_ OutputModule
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:81
output-streaming.h
SCFileLogger
int(* SCFileLogger)(ThreadVars *, void *thread_data, const Packet *, const File *, void *tx, const uint64_t tx_id, uint8_t direction)
Definition: output-file.h:48
OutputInitResult
struct OutputInitResult_ OutputInitResult
OutputModule_::name
const char * name
Definition: output.h:58
OutputModule_::logger_id
LoggerId logger_id
Definition: output.h:57
LoggerId
LoggerId
Definition: suricata-common.h:460
OutputModule_::ts_log_progress
int ts_log_progress
Definition: output.h:79
OutputLoggerThreadStore_::next
struct OutputLoggerThreadStore_ * next
Definition: output.h:35
OutputModule_::StatsLogFunc
StatsLogger StatsLogFunc
Definition: output.h:75
OutputModule_::TAILQ_ENTRY
TAILQ_ENTRY(OutputModule_) entries
tm-modules.h
TxLogger
int(* TxLogger)(ThreadVars *, void *thread_data, const Packet *, Flow *f, void *state, void *tx, uint64_t tx_id)
Transaction logger function pointer type.
Definition: output-tx.h:34
FlowLogger
int(* FlowLogger)(ThreadVars *, void *thread_data, Flow *f)
Flow logger function pointer type.
Definition: output-flow.h:36
output-packet.h
PacketLogger
int(* PacketLogger)(ThreadVars *, void *thread_data, const Packet *)
Packet logger function pointer type.
Definition: output-packet.h:35
OutputModule_::InitSubFunc
OutputInitSubFunc InitSubFunc
Definition: output.h:62
OutputGetModuleByConfName
OutputModule * OutputGetModuleByConfName(const char *name)
Get an output module by name.
Definition: output.c:612
SCFiledataLogger
int(* SCFiledataLogger)(ThreadVars *, void *thread_data, const Packet *, File *, void *tx, const uint64_t tx_id, const uint8_t *, uint32_t, uint8_t, uint8_t dir)
File-data logger function pointer type.
Definition: output-filedata.h:51
OutputModule_::PacketLogFunc
PacketLogger PacketLogFunc
Definition: output.h:67
OutputLoggerLog
TmEcode OutputLoggerLog(ThreadVars *, Packet *, void *)
Definition: output.c:708
EveJsonSimpleTxLogFunc
bool(* EveJsonSimpleTxLogFunc)(void *, struct JsonBuilder *)
Definition: output.h:164
OutputModule_::FiledataLogFunc
SCFiledataLogger FiledataLogFunc
Definition: output.h:72
OutputModule_::alproto
AppProto alproto
Definition: output.h:76
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:629
OutputCtx_
Definition: tm-modules.h:84
OutputLoggerThreadStore_::thread_data
void * thread_data
Definition: output.h:34
OutputModule_::stream_type
enum SCOutputStreamingType stream_type
Definition: output.h:77
OutputModule_::ThreadInit
ThreadInitFunc ThreadInit
Definition: output.h:64
SCEveJsonSimpleGetLogger
EveJsonSimpleAppLayerLogger * SCEveJsonSimpleGetLogger(AppProto alproto)
Definition: output.c:836
output_modules
OutputModuleList output_modules
OutputInitSubFunc
OutputInitResult(* OutputInitSubFunc)(ConfNode *, OutputCtx *)
Definition: output.h:52
OutputDropLoggerDisable
void OutputDropLoggerDisable(void)
Definition: output.c:651
decode.h
OutputInitResult_::ctx
OutputCtx * ctx
Definition: output.h:47
OutputModule_::ThreadDeinit
ThreadDeinitFunc ThreadDeinit
Definition: output.h:65
OutputRegisterStatsSubModule
void OutputRegisterStatsSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, StatsLogger StatsLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a stats data output sub-module.
Definition: output.c:577
output-file.h
OutputRegisterModule
void OutputRegisterModule(const char *, const char *, OutputInitFunc)
OutputRegisterTxSubModule
void OutputRegisterTxSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition: output.c:377
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
OutputRegisterStreamingModule
void OutputRegisterStreamingModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, SCStreamingLogger StreamingLogFunc, enum SCOutputStreamingType stream_type, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a streaming data output module.
Definition: output.c:503
ThreadInitFunc
TmEcode(* ThreadInitFunc)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:39
OutputModule_::StreamingLogFunc
SCStreamingLogger StreamingLogFunc
Definition: output.h:74
OutputInitResult_::ok
bool ok
Definition: output.h:48
OutputLoggerThreadStore
struct OutputLoggerThreadStore_ OutputLoggerThreadStore
OutputUnregisterFileRotationFlag
void OutputUnregisterFileRotationFlag(int *flag)
Unregister a file rotation flag.
Definition: output.c:684
OutputModule_::conf_name
const char * conf_name
Definition: output.h:59
OutputModule_::FlowLogFunc
FlowLogger FlowLogFunc
Definition: output.h:73
Packet_
Definition: decode.h:473
EveJsonSimpleAppLayerLogger
struct EveJsonSimpleAppLayerLogger EveJsonSimpleAppLayerLogger
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:830
OutputClearActiveLoggers
void OutputClearActiveLoggers(void)
Definition: output.c:821
TmEcode
TmEcode
Definition: tm-threads-common.h:79
output-flow.h
EveJsonSimpleAppLayerLogger
Definition: output.h:166
OutputRegisterTxModuleWithCondition
void OutputRegisterTxModuleWithCondition(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module with condition.
Definition: output.c:320
OutputRegisterStatsModule
void OutputRegisterStatsModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, StatsLogger StatsLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a stats data output module.
Definition: output.c:541
TxLoggerCondition
bool(* TxLoggerCondition)(ThreadVars *, const Packet *, void *state, void *tx, uint64_t tx_id)
Transaction logger condition function pointer type.
Definition: output-tx.h:41
OutputDropLoggerEnable
int OutputDropLoggerEnable(void)
Definition: output.c:643
OutputInitResult_
Definition: output.h:46
OutputModule_::TxLogCondition
TxLoggerCondition TxLogCondition
Definition: output.h:70
OutputRegisterTxModuleWithProgress
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module with progress.
Definition: output.c:344
OutputRegisterPacketSubModule
void OutputRegisterPacketSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, PacketLogger LogFunc, PacketLogCondition ConditionFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a packet output sub-module.
Definition: output.c:206
OutputRegisterFiledataModule
void OutputRegisterFiledataModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, SCFiledataLogger FiledataLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a file data output module.
Definition: output.c:430
EveJsonSimpleAppLayerLogger::LogTx
EveJsonSimpleTxLogFunc LogTx
Definition: output.h:167
OutputRegisterTxSubModuleWithCondition
void OutputRegisterTxSubModuleWithCondition(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition: output.c:328
OutputRegisterTxSubModuleWithProgress
void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition: output.c:352
OutputLoggerThreadDeinit
TmEcode OutputLoggerThreadDeinit(ThreadVars *, void *)
Definition: output.c:753
PacketLogCondition
bool(* PacketLogCondition)(ThreadVars *, void *thread_data, const Packet *)
Packet logger condition function point type.
Definition: output-packet.h:43
OutputModule_::PacketConditionFunc
PacketLogCondition PacketConditionFunc
Definition: output.h:68
OutputGetActiveCountFunc
uint32_t(* OutputGetActiveCountFunc)(void)
Definition: output.h:54
OutputRegisterFileRotationFlag
void OutputRegisterFileRotationFlag(int *flag)
Register a flag for file rotation notification.
Definition: output.c:663
EveJsonSimpleAppLayerLogger::name
const char * name
Definition: output.h:168
OutputRegisterFlowSubModule
void OutputRegisterFlowSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, FlowLogger FlowLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a flow output sub-module.
Definition: output.c:466
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:701
ConfNode_
Definition: conf.h:32
StatsLogger
int(* StatsLogger)(ThreadVars *, void *thread_data, const StatsTable *)
Definition: output-stats.h:50
OutputModule_::TxLogFunc
TxLogger TxLogFunc
Definition: output.h:69
OutputModule_::tc_log_progress
int tc_log_progress
Definition: output.h:78
OutputInitFunc
OutputInitResult(* OutputInitFunc)(ConfNode *)
Definition: output.h:51
output-stats.h
OutputLoggerExitPrintStats
void OutputLoggerExitPrintStats(ThreadVars *, void *)
OutputRegisterPacketModule
void OutputRegisterPacketModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, PacketLogger LogFunc, PacketLogCondition ConditionFunc, ThreadInitFunc, ThreadDeinitFunc)
Register a packet output module.
Definition: output.c:169
SCOutputStreamingType
SCOutputStreamingType
Definition: output-streaming.h:35
OutputRegisterRootLogger
void OutputRegisterRootLogger(ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, OutputLogFunc LogFunc, OutputGetActiveCountFunc ActiveCntFunc)
Definition: output.c:779
OutputModule_
Definition: output.h:56
SCStreamingLogger
int(* SCStreamingLogger)(ThreadVars *, void *thread_data, const Flow *f, const uint8_t *data, uint32_t data_len, uint64_t tx_id, uint8_t flags)
Definition: output-streaming.h:41
ThreadDeinitFunc
TmEcode(* ThreadDeinitFunc)(ThreadVars *, void *)
Definition: tm-modules.h:40
OutputModule_::InitFunc
OutputInitFunc InitFunc
Definition: output.h:61
OutputSetupActiveLoggers
void OutputSetupActiveLoggers(void)
Definition: output.c:808