suricata
output.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Endace Technology Limited, Jason Ish <jason.ish@endace.com>
22  */
23 
24 #ifndef SURICATA_OUTPUT_H
25 #define SURICATA_OUTPUT_H
26 
27 #include "decode.h"
28 #include "tm-modules.h"
29 
30 #define DEFAULT_LOG_MODE_APPEND "yes"
31 #define DEFAULT_LOG_FILETYPE "regular"
32 
33 typedef struct OutputLoggerThreadStore_ {
34  void *thread_data;
35  struct OutputLoggerThreadStore_ *next;
36 } OutputLoggerThreadStore;
37 
38 #include "output-packet.h"
39 #include "output-tx.h"
40 #include "output-file.h"
41 #include "output-filedata.h"
42 #include "output-flow.h"
43 #include "output-streaming.h"
44 #include "output-stats.h"
45 
46 typedef struct OutputInitResult_ {
47  OutputCtx *ctx;
48  bool ok;
49 } OutputInitResult;
50 
51 typedef OutputInitResult (*OutputInitFunc)(SCConfNode *);
52 typedef OutputInitResult (*OutputInitSubFunc)(SCConfNode *, OutputCtx *);
53 typedef TmEcode (*OutputLogFunc)(ThreadVars *, Packet *, void *);
54 typedef uint32_t (*OutputGetActiveCountFunc)(void);
55 
56 typedef struct OutputModule_ {
57  LoggerId logger_id;
58  const char *name;
59  const char *conf_name;
60  const char *parent_name;
61  OutputInitFunc InitFunc;
62  OutputInitSubFunc InitSubFunc;
63 
64  ThreadInitFunc ThreadInit;
65  ThreadDeinitFunc ThreadDeinit;
66 
67  PacketLogger PacketLogFunc;
68  PacketLogCondition PacketConditionFunc;
69  TxLogger TxLogFunc;
70  TxLoggerCondition TxLogCondition;
71  SCFileLogger FileLogFunc;
72  SCFiledataLogger FiledataLogFunc;
73  FlowLogger FlowLogFunc;
74  SCStreamingLogger StreamingLogFunc;
75  StatsLogger StatsLogFunc;
76  AppProto alproto;
77  enum SCOutputStreamingType stream_type;
78  int tc_log_progress;
79  int ts_log_progress;
80 
81  TAILQ_ENTRY(OutputModule_) entries;
82 } OutputModule;
83 
84 /* struct for packet module and packet sub-module registration */
85 typedef struct OutputPacketLoggerFunctions_ {
86  PacketLogger LogFunc;
87  PacketLogCondition ConditionFunc;
88  ThreadInitFunc ThreadInitFunc;
89  ThreadDeinitFunc ThreadDeinitFunc;
90  ThreadExitPrintStatsFunc ThreadExitPrintStatsFunc;
91 } OutputPacketLoggerFunctions;
92 
93 typedef TAILQ_HEAD(OutputModuleList_, OutputModule_) OutputModuleList;
94 extern OutputModuleList output_modules;
95 
96 void OutputRegisterModule(const char *, const char *, OutputInitFunc);
97 
98 void OutputRegisterPacketModule(LoggerId id, const char *name, const char *conf_name,
99  OutputInitFunc InitFunc, OutputPacketLoggerFunctions *);
100 void OutputRegisterPacketSubModule(LoggerId id, const char *parent_name, const char *name,
101  const char *conf_name, OutputInitSubFunc InitFunc, OutputPacketLoggerFunctions *);
102 
103 void OutputRegisterTxModule(LoggerId id, const char *name, const char *conf_name,
104  OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit,
105  ThreadDeinitFunc ThreadDeinit);
106 void OutputRegisterTxSubModule(LoggerId id, const char *parent_name, const char *name,
107  const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
108  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
109 
110 void OutputRegisterTxModuleWithCondition(LoggerId id, const char *name, const char *conf_name,
111  OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
112  TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
113 void OutputRegisterTxSubModuleWithCondition(LoggerId id, const char *parent_name, const char *name,
114  const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
115  TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
116 
117 void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name,
118  OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress,
119  int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
120 void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name,
121  const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc,
122  int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit,
123  ThreadDeinitFunc ThreadDeinit);
124 
125 void OutputRegisterFileSubModule(LoggerId id, const char *parent_name, const char *name,
126  const char *conf_name, OutputInitSubFunc InitFunc, SCFileLogger FileLogFunc,
127  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
128 
129 void OutputRegisterFiledataModule(LoggerId id, const char *name, const char *conf_name,
130  OutputInitFunc InitFunc, SCFiledataLogger FiledataLogFunc, ThreadInitFunc ThreadInit,
131  ThreadDeinitFunc ThreadDeinit);
132 
133 void OutputRegisterFlowSubModule(LoggerId id, const char *parent_name, const char *name,
134  const char *conf_name, OutputInitSubFunc InitFunc, FlowLogger FlowLogFunc,
135  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
136 
137 void OutputRegisterStreamingModule(LoggerId id, const char *name, const char *conf_name,
138  OutputInitFunc InitFunc, SCStreamingLogger StreamingLogFunc,
139  enum SCOutputStreamingType stream_type, ThreadInitFunc ThreadInit,
140  ThreadDeinitFunc ThreadDeinit);
141 
142 void OutputRegisterStatsModule(LoggerId id, const char *name, const char *conf_name,
143  OutputInitFunc InitFunc, StatsLogger StatsLogFunc, ThreadInitFunc ThreadInit,
144  ThreadDeinitFunc ThreadDeinit);
145 void OutputRegisterStatsSubModule(LoggerId id, const char *parent_name, const char *name,
146  const char *conf_name, OutputInitSubFunc InitFunc, StatsLogger StatsLogFunc,
147  ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit);
148 
149 OutputModule *OutputGetModuleByConfName(const char *name);
150 void OutputDeregisterAll(void);
151 
152 int OutputDropLoggerEnable(void);
153 void OutputDropLoggerDisable(void);
154 
155 void OutputRegisterFileRotationFlag(int *flag);
156 void OutputUnregisterFileRotationFlag(int *flag);
157 void OutputNotifyFileRotation(void);
158 
159 typedef void (*SCOnLoggingReadyCallback)(void *arg);
160 int SCRegisterOnLoggingReady(SCOnLoggingReadyCallback callback, void *arg);
161 void SCOnLoggingReady(void);
162 
163 void OutputRegisterRootLogger(ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit,
164  OutputLogFunc LogFunc, OutputGetActiveCountFunc ActiveCntFunc);
165 void TmModuleLoggerRegister(void);
166 
167 TmEcode OutputLoggerLog(ThreadVars *, Packet *, void *);
168 TmEcode OutputLoggerThreadInit(ThreadVars *, const void *, void **);
169 TmEcode OutputLoggerThreadDeinit(ThreadVars *, void *);
170 void OutputLoggerExitPrintStats(ThreadVars *, void *);
171 
172 void OutputSetupActiveLoggers(void);
173 void OutputClearActiveLoggers(void);
174 
175 #endif /* ! SURICATA_OUTPUT_H */
OutputModule_::parent_name
const char * parent_name
Definition: output.h:60
output-tx.h
OutputModule_::FileLogFunc
SCFileLogger FileLogFunc
Definition: output.h:71
OutputLogFunc
TmEcode(* OutputLogFunc)(ThreadVars *, Packet *, void *)
Definition: output.h:53
OutputLoggerThreadStore_
Definition: output.h:33
OutputLoggerThreadInit
TmEcode OutputLoggerThreadInit(ThreadVars *, const void *, void **)
Definition: output.c:798
TAILQ_HEAD
typedef TAILQ_HEAD(OutputModuleList_, OutputModule_) OutputModuleList
OutputRegisterTxModule
void OutputRegisterTxModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module.
Definition: output.c:394
OutputRegisterFileSubModule
void OutputRegisterFileSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, SCFileLogger FileLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a file output sub-module.
Definition: output.c:418
SCRegisterOnLoggingReady
int SCRegisterOnLoggingReady(SCOnLoggingReadyCallback callback, void *arg)
Register a callback to be called when logging is ready.
Definition: output.c:753
output-filedata.h
OutputModule
struct OutputModule_ OutputModule
OutputPacketLoggerFunctions_::ThreadExitPrintStatsFunc
ThreadExitPrintStatsFunc ThreadExitPrintStatsFunc
Definition: output.h:90
name
const char * name
Definition: detect-engine-proto.c:48
AppProto
uint16_t AppProto
Definition: app-layer-protos.h:86
output-streaming.h
SCFileLogger
int(* SCFileLogger)(ThreadVars *, void *thread_data, const Packet *, const File *, void *tx, const uint64_t tx_id, uint8_t direction)
Definition: output-file.h:48
OutputInitResult
struct OutputInitResult_ OutputInitResult
OutputModule_::name
const char * name
Definition: output.h:58
OutputModule_::logger_id
LoggerId logger_id
Definition: output.h:57
LoggerId
LoggerId
Definition: suricata-common.h:477
OutputModule_::ts_log_progress
int ts_log_progress
Definition: output.h:79
OutputLoggerThreadStore_::next
struct OutputLoggerThreadStore_ * next
Definition: output.h:35
OutputInitFunc
OutputInitResult(* OutputInitFunc)(SCConfNode *)
Definition: output.h:51
OutputModule_::StatsLogFunc
StatsLogger StatsLogFunc
Definition: output.h:75
OutputModule_::TAILQ_ENTRY
TAILQ_ENTRY(OutputModule_) entries
tm-modules.h
TxLogger
int(* TxLogger)(ThreadVars *, void *thread_data, const Packet *, Flow *f, void *state, void *tx, uint64_t tx_id)
Transaction logger function pointer type.
Definition: output-tx.h:34
FlowLogger
int(* FlowLogger)(ThreadVars *, void *thread_data, Flow *f)
Flow logger function pointer type.
Definition: output-flow.h:36
output-packet.h
OutputRegisterPacketModule
void OutputRegisterPacketModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, OutputPacketLoggerFunctions *)
Register a packet output module.
Definition: output.c:194
PacketLogger
int(* PacketLogger)(ThreadVars *, void *thread_data, const Packet *)
Packet logger function pointer type.
Definition: output-packet.h:35
OutputModule_::InitSubFunc
OutputInitSubFunc InitSubFunc
Definition: output.h:62
OutputGetModuleByConfName
OutputModule * OutputGetModuleByConfName(const char *name)
Get an output module by name.
Definition: output.c:637
SCFiledataLogger
int(* SCFiledataLogger)(ThreadVars *, void *thread_data, const Packet *, File *, void *tx, const uint64_t tx_id, const uint8_t *, uint32_t, uint8_t, uint8_t dir)
File-data logger function pointer type.
Definition: output-filedata.h:51
OutputModule_::PacketLogFunc
PacketLogger PacketLogFunc
Definition: output.h:67
OutputLoggerLog
TmEcode OutputLoggerLog(ThreadVars *, Packet *, void *)
Definition: output.c:784
OutputModule_::FiledataLogFunc
SCFiledataLogger FiledataLogFunc
Definition: output.h:72
SCOnLoggingReadyCallback
void(* SCOnLoggingReadyCallback)(void *arg)
Definition: output.h:159
OutputModule_::alproto
AppProto alproto
Definition: output.h:76
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:654
OutputPacketLoggerFunctions_::ConditionFunc
PacketLogCondition ConditionFunc
Definition: output.h:87
OutputCtx_
Definition: tm-modules.h:88
OutputLoggerThreadStore_::thread_data
void * thread_data
Definition: output.h:34
OutputModule_::stream_type
enum SCOutputStreamingType stream_type
Definition: output.h:77
OutputModule_::ThreadInit
ThreadInitFunc ThreadInit
Definition: output.h:64
OutputRegisterPacketSubModule
void OutputRegisterPacketSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, OutputPacketLoggerFunctions *)
Register a packet output sub-module.
Definition: output.c:231
output_modules
OutputModuleList output_modules
OutputDropLoggerDisable
void OutputDropLoggerDisable(void)
Definition: output.c:676
decode.h
OutputInitResult_::ctx
OutputCtx * ctx
Definition: output.h:47
OutputModule_::ThreadDeinit
ThreadDeinitFunc ThreadDeinit
Definition: output.h:65
OutputRegisterStatsSubModule
void OutputRegisterStatsSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, StatsLogger StatsLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a stats data output sub-module.
Definition: output.c:602
SCOnLoggingReady
void SCOnLoggingReady(void)
Invokes all registered logging ready callbacks.
Definition: output.c:774
output-file.h
OutputRegisterModule
void OutputRegisterModule(const char *, const char *, OutputInitFunc)
OutputRegisterTxSubModule
void OutputRegisterTxSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition: output.c:402
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
OutputRegisterStreamingModule
void OutputRegisterStreamingModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, SCStreamingLogger StreamingLogFunc, enum SCOutputStreamingType stream_type, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a streaming data output module.
Definition: output.c:528
ThreadInitFunc
TmEcode(* ThreadInitFunc)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:43
OutputModule_::StreamingLogFunc
SCStreamingLogger StreamingLogFunc
Definition: output.h:74
OutputInitResult_::ok
bool ok
Definition: output.h:48
OutputPacketLoggerFunctions
struct OutputPacketLoggerFunctions_ OutputPacketLoggerFunctions
OutputLoggerThreadStore
struct OutputLoggerThreadStore_ OutputLoggerThreadStore
OutputUnregisterFileRotationFlag
void OutputUnregisterFileRotationFlag(int *flag)
Unregister a file rotation flag.
Definition: output.c:711
OutputModule_::conf_name
const char * conf_name
Definition: output.h:59
OutputModule_::FlowLogFunc
FlowLogger FlowLogFunc
Definition: output.h:73
Packet_
Definition: decode.h:505
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:906
OutputClearActiveLoggers
void OutputClearActiveLoggers(void)
Definition: output.c:897
TmEcode
TmEcode
Definition: tm-threads-common.h:80
output-flow.h
OutputRegisterTxModuleWithCondition
void OutputRegisterTxModuleWithCondition(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module with condition.
Definition: output.c:345
OutputRegisterStatsModule
void OutputRegisterStatsModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, StatsLogger StatsLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a stats data output module.
Definition: output.c:566
TxLoggerCondition
bool(* TxLoggerCondition)(ThreadVars *, const Packet *, void *state, void *tx, uint64_t tx_id)
Transaction logger condition function pointer type.
Definition: output-tx.h:41
OutputDropLoggerEnable
int OutputDropLoggerEnable(void)
Definition: output.c:668
OutputPacketLoggerFunctions_::ThreadDeinitFunc
ThreadDeinitFunc ThreadDeinitFunc
Definition: output.h:89
OutputInitResult_
Definition: output.h:46
OutputModule_::TxLogCondition
TxLoggerCondition TxLogCondition
Definition: output.h:70
OutputRegisterTxModuleWithProgress
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module with progress.
Definition: output.c:369
OutputRegisterFiledataModule
void OutputRegisterFiledataModule(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, SCFiledataLogger FiledataLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a file data output module.
Definition: output.c:455
OutputRegisterTxSubModuleWithCondition
void OutputRegisterTxSubModuleWithCondition(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, TxLoggerCondition TxLogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition: output.c:353
OutputRegisterTxSubModuleWithProgress
void OutputRegisterTxSubModuleWithProgress(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Definition: output.c:377
OutputPacketLoggerFunctions_::LogFunc
PacketLogger LogFunc
Definition: output.h:86
OutputLoggerThreadDeinit
TmEcode OutputLoggerThreadDeinit(ThreadVars *, void *)
Definition: output.c:829
PacketLogCondition
bool(* PacketLogCondition)(ThreadVars *, void *thread_data, const Packet *)
Packet logger condition function point type.
Definition: output-packet.h:43
OutputModule_::PacketConditionFunc
PacketLogCondition PacketConditionFunc
Definition: output.h:68
OutputGetActiveCountFunc
uint32_t(* OutputGetActiveCountFunc)(void)
Definition: output.h:54
OutputPacketLoggerFunctions_::ThreadInitFunc
ThreadInitFunc ThreadInitFunc
Definition: output.h:88
OutputRegisterFileRotationFlag
void OutputRegisterFileRotationFlag(int *flag)
Register a flag for file rotation notification.
Definition: output.c:688
OutputRegisterFlowSubModule
void OutputRegisterFlowSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, FlowLogger FlowLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a flow output sub-module.
Definition: output.c:491
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:731
StatsLogger
int(* StatsLogger)(ThreadVars *, void *thread_data, const StatsTable *)
Definition: output-stats.h:50
OutputModule_::TxLogFunc
TxLogger TxLogFunc
Definition: output.h:69
OutputModule_::tc_log_progress
int tc_log_progress
Definition: output.h:78
output-stats.h
OutputLoggerExitPrintStats
void OutputLoggerExitPrintStats(ThreadVars *, void *)
SCOutputStreamingType
SCOutputStreamingType
Definition: output-streaming.h:35
OutputRegisterRootLogger
void OutputRegisterRootLogger(ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, OutputLogFunc LogFunc, OutputGetActiveCountFunc ActiveCntFunc)
Definition: output.c:855
OutputModule_
Definition: output.h:56
SCConfNode_
Definition: conf.h:37
OutputPacketLoggerFunctions_
Definition: output.h:85
OutputInitSubFunc
OutputInitResult(* OutputInitSubFunc)(SCConfNode *, OutputCtx *)
Definition: output.h:52
SCStreamingLogger
int(* SCStreamingLogger)(ThreadVars *, void *thread_data, const Flow *f, const uint8_t *data, uint32_t data_len, uint64_t tx_id, uint8_t flags)
Definition: output-streaming.h:41
ThreadDeinitFunc
TmEcode(* ThreadDeinitFunc)(ThreadVars *, void *)
Definition: tm-modules.h:44
OutputModule_::InitFunc
OutputInitFunc InitFunc
Definition: output.h:61
OutputSetupActiveLoggers
void OutputSetupActiveLoggers(void)
Definition: output.c:884