util-debug.c

Go to the documentation of this file.

/* Copyright (C) 2007-2021 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */
 
/**
 * \file
 *
 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
 *
 * Debug utility functions
 */
 
#include "suricata-common.h"
#include "util-debug.h"
 
#include "output.h"
 
#include "suricata.h"
 
#include "util-conf.h"
#include "util-enum.h"
#include "util-path.h"
#include "util-syslog.h"
#include "util-time.h"
 
// clang-format off
/* holds the string-enum mapping for the enums held in the table SCLogLevel */
SCEnumCharMap sc_log_level_map[] = {
    { "Not set",        SC_LOG_NOTSET },
    { "None",           SC_LOG_NONE },
    { "Error",          SC_LOG_ERROR },
    { "Warning",        SC_LOG_WARNING },
    { "Notice",         SC_LOG_NOTICE },
    { "Info",           SC_LOG_INFO },
    { "Perf",           SC_LOG_PERF },
    { "Config",         SC_LOG_CONFIG },
    { "Debug",          SC_LOG_DEBUG },
    { NULL,             -1 }
};
 
SCEnumCharMap sc_log_slevel_map[] = {
    { "Not set",        SC_LOG_NOTSET },
    { "None",           SC_LOG_NONE },
    { "E",              SC_LOG_ERROR },
    { "W",              SC_LOG_WARNING },
    { "i",              SC_LOG_NOTICE },
    { "i",              SC_LOG_INFO },
    { "i",              SC_LOG_PERF },
    { "i",              SC_LOG_CONFIG },
    { "d",              SC_LOG_DEBUG },
    { NULL,             -1 }
};
 
/* holds the string-enum mapping for the enums held in the table SCLogOPIface */
SCEnumCharMap sc_log_op_iface_map[ ] = {
    { "Console",        SC_LOG_OP_IFACE_CONSOLE },
    { "File",           SC_LOG_OP_IFACE_FILE },
    { "Syslog",         SC_LOG_OP_IFACE_SYSLOG },
    { NULL,             -1 }
};
// clang-format on
 
#if defined (OS_WIN32)
/**
 * \brief Used for synchronous output on WIN32
 */
static SCMutex sc_log_stream_lock;
#endif /* OS_WIN32 */
 
/**
 * \brief Transform the module name into display module name for logging
 */
static const char *SCTransformModule(const char *module_name, int *dn_len);
 
/**
 * \brief Holds the config state for the logging module
 */
static SCLogConfig *sc_log_config = NULL;
 
/**
 * \brief Returns the full path given a file and configured log dir
 */
static char *SCLogGetLogFilename(const char *);
 
/**
 * \brief Holds the global log level.  Is the same as sc_log_config->log_level
 */
SCLogLevel sc_log_global_log_level;
 
/**
 * \brief Used to indicate whether the logging module has been init or not
 */
int sc_log_module_initialized = 0;
 
/**
 * \brief Used to indicate whether the logging module has been cleaned or not
 */
int sc_log_module_cleaned = 0;
 
/**
 * \brief Maps the SC logging level to the syslog logging level
 *
 * \param The SC logging level that has to be mapped to the syslog_log_level
 *
 * \retval syslog_log_level The mapped syslog_api_log_level, for the logging
 *                          module api's internal log_level
 */
static inline int SCLogMapLogLevelToSyslogLevel(int log_level)
{
    int syslog_log_level = 0;
 
    switch (log_level) {
        case SC_LOG_ERROR:
            syslog_log_level = LOG_ERR;
            break;
        case SC_LOG_WARNING:
            syslog_log_level = LOG_WARNING;
            break;
        case SC_LOG_NOTICE:
            syslog_log_level = LOG_NOTICE;
            break;
        case SC_LOG_INFO:
            syslog_log_level = LOG_INFO;
            break;
        case SC_LOG_CONFIG:
        case SC_LOG_DEBUG:
        case SC_LOG_PERF:
            syslog_log_level = LOG_DEBUG;
            break;
        default:
            syslog_log_level = LOG_EMERG;
            break;
    }
 
    return syslog_log_level;
}
 
/**
 * \brief Output function that logs a character string out to a file descriptor
 *
 * \param fd  Pointer to the file descriptor
 * \param msg Pointer to the character string that should be logged
 */
static inline void SCLogPrintToStream(FILE *fd, char *msg)
{
    /* Would only happen if the log file failed to re-open during rotation. */
    if (fd == NULL) {
        return;
    }
 
#if defined (OS_WIN32)
    SCMutexLock(&sc_log_stream_lock);
#endif /* OS_WIN32 */
 
    if (fprintf(fd, "%s\n", msg) < 0)
        printf("Error writing to stream using fprintf\n");
 
    fflush(fd);
 
#if defined (OS_WIN32)
    SCMutexUnlock(&sc_log_stream_lock);
#endif /* OS_WIN32 */
}
 
/**
 * \brief Output function that logs a character string through the syslog iface
 *
 * \param syslog_log_level Holds the syslog_log_level that the message should be
 *                         logged as
 * \param msg              Pointer to the char string, that should be logged
 *
 * \todo syslog is thread-safe according to POSIX manual and glibc code, but we
 *       we will have to look into non POSIX compliant boxes like freeBSD
 */
static inline void SCLogPrintToSyslog(int syslog_log_level, const char *msg)
{
    //static struct syslog_data data = SYSLOG_DATA_INIT;
    //syslog_r(syslog_log_level, NULL, "%s", msg);
 
    syslog(syslog_log_level, "%s", msg);
}
 
/**
 */
static int SCLogMessageJSON(SCTime_t tval, char *buffer, size_t buffer_size, SCLogLevel log_level,
        const char *file, unsigned line, const char *function, const char *module,
        const char *message)
{
    JsonBuilder *js = jb_new_object();
    if (unlikely(js == NULL))
        goto error;
 
    char timebuf[64];
    CreateIsoTimeString(tval, timebuf, sizeof(timebuf));
    jb_set_string(js, "timestamp", timebuf);
 
    const char *s = SCMapEnumValueToName(log_level, sc_log_level_map);
    if (s != NULL) {
        jb_set_string(js, "log_level", s);
    } else {
        JB_SET_STRING(js, "log_level", "INVALID");
    }
 
    JB_SET_STRING(js, "event_type", "engine");
    jb_open_object(js, "engine");
 
    if (message)
        jb_set_string(js, "message", message);
 
    if (t_thread_name[0] != '\0') {
        jb_set_string(js, "thread_name", t_thread_name);
    }
 
    if (module) {
        /* Determine how much of module name to display */
        int dn_len = 0;
        const char *dn_name;
        dn_name = SCTransformModule(module, &dn_len);
        jb_set_string(js, "module", dn_name);
    }
 
    if (log_level >= SC_LOG_DEBUG) {
        if (function)
            jb_set_string(js, "function", function);
 
        if (file)
            jb_set_string(js, "file", file);
 
        if (line > 0)
            jb_set_uint(js, "line", line);
    }
    jb_close(js); // engine
 
    jb_close(js);
    memcpy(buffer, jb_ptr(js), MIN(buffer_size, jb_len(js)));
 
    jb_free(js);
 
    return 0;
 
error:
    return -1;
}
 
static const int transform_max_segs = 2; /* The maximum segment count to display */
/*
 * \brief Return a display name for the given module name for logging.
 *
 * The transformation is dependent upon the source code module names
 * that use the dash character to separate incremental refinements of
 * the subsystem.
 *
 * The transformation uses the local constant "transform_max_segs" to determine
 * how many segments to display; the transformed name will never consist
 * of more than this many segments.
 *
 * E.g., "detect-http-content-len" ==> "detect-http" when the max is 2
 *
 * \param module_name The source code module name to be transformed.
 * \param dn_len The number of characters in the display name to print.
 *
 * \retval Pointer to the display name
 */
static const char *SCTransformModule(const char *module_name, int *dn_len)
{
    /*
     * special case for source code module names beginning with:
     *    Prefixes skipped
     *        tm-*
     *        util-*
     *        source-*
     *    No transformation
     *        app-layer-*
     */
    if (strncmp("tm-", module_name, 3) == 0) {
        *dn_len = strlen(module_name) - 3;
        return module_name + 3;
    } else if (strncmp("util-", module_name, 5) == 0) {
        *dn_len = strlen(module_name) - 5;
        return module_name + 5;
    } else if (strncmp("source-pcap-file", module_name, 16) == 0) {
        *dn_len = strlen("pcap");
        return "pcap";
    } else if (strncmp("source-", module_name, 7) == 0) {
        *dn_len = strlen(module_name) - 7;
        return module_name + 7;
    } else if (strncmp("runmode-", module_name, 8) == 0) {
        *dn_len = strlen(module_name) - 8;
        return module_name + 8;
    } else if (strncmp("app-layer-", module_name, 10) == 0) {
        *dn_len = strlen(module_name);
        return module_name;
    } else if (strncmp("detect-engine", module_name, 13) == 0) {
        *dn_len = strlen("detect");
        return "detect";
    }
 
    int seg_cnt = 0;
 
    char *last;
    char *w = (char *)module_name;
    while (w && (w = strchr(w, '-')) != NULL && seg_cnt < transform_max_segs) {
        seg_cnt++;
        last = w;
        w++; /* skip past '-' */
    }
 
    if (seg_cnt < transform_max_segs)
        *dn_len = strlen(module_name);
    else
        *dn_len = last - module_name;
 
    return module_name;
}
 
/**
 * \brief Adds the global log_format to the outgoing buffer
 *
 * \param log_level log_level of the message that has to be logged
 * \param msg       Buffer containing the outgoing message
 * \param file      File_name from where the message originated
 * \param function  Function_name from where the message originated
 * \param line      Line_no from where the messaged originated
 *
 * \retval 0 on success; else a negative value on error
 */
static SCError SCLogMessageGetBuffer(SCTime_t tval, bool color, SCLogOPType type, char *buffer,
        size_t buffer_size, const char *log_format, const SCLogLevel log_level, const char *file,
        const unsigned int line, const char *function, const char *module, const char *message)
{
    if (type == SC_LOG_OP_TYPE_JSON)
        return SCLogMessageJSON(
                tval, buffer, buffer_size, log_level, file, line, function, module, message);
 
    char *temp = buffer;
    const char *s = NULL;
    struct tm *tms = NULL;
 
    const char *redb = "";
    const char *red = "";
    const char *yellowb = "";
    const char *yellow = "";
    const char *green = "";
    const char *blue = "";
    const char *reset = "";
    if (color) {
        redb = "\x1b[1;31m";
        red = "\x1b[31m";
        yellowb = "\x1b[1;33m";
        yellow = "\x1b[33m";
        green = "\x1b[32m";
        blue = "\x1b[34m";
        reset = "\x1b[0m";
    }
    /* no of characters_written(cw) by snprintf */
    int cw = 0;
 
    BUG_ON(sc_log_module_initialized != 1);
 
    /* make a copy of the format string as it will be modified below */
    const int add_M = strstr(log_format, "%M") == NULL;
    char local_format[strlen(log_format) + add_M * 2 + 1];
    strlcpy(local_format, log_format, sizeof(local_format));
    if (add_M)
        strlcat(local_format, "%M", sizeof(local_format));
    char *temp_fmt = local_format;
    char *substr = temp_fmt;
    struct tm local_tm;
 
    while ((temp_fmt = strchr(temp_fmt, SC_LOG_FMT_PREFIX))) {
        if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
            return 0;
        }
        switch(temp_fmt[1]) {
            case SC_LOG_FMT_TIME:
                temp_fmt[0] = '\0';
 
                tms = SCLocalTime(SCTIME_SECS(tval), &local_tm);
 
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                        "%s%s%04d-%02d-%02d %02d:%02d:%02d%s", substr, green, tms->tm_year + 1900,
                        tms->tm_mon + 1, tms->tm_mday, tms->tm_hour, tms->tm_min, tms->tm_sec,
                        reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_TIME_LEGACY:
                temp_fmt[0] = '\0';
 
                tms = SCLocalTime(SCTIME_SECS(tval), &local_tm);
 
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                              "%s%s%d/%d/%04d -- %02d:%02d:%02d%s",
                              substr, green, tms->tm_mday, tms->tm_mon + 1,
                              tms->tm_year + 1900, tms->tm_hour, tms->tm_min,
                              tms->tm_sec, reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_PID:
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                              "%s%s%u%s", substr, yellow, getpid(), reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_TID:
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                              "%s%s%lu%s", substr, yellow, SCGetThreadIdLong(), reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_THREAD_NAME:
            case SC_LOG_FMT_TM:
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s", substr,
                        yellow, t_thread_name, reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_LOG_LEVEL:
                temp_fmt[0] = '\0';
                s = SCMapEnumValueToName(log_level, sc_log_level_map);
                if (s != NULL) {
                    if (log_level <= SC_LOG_ERROR)
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                                  "%s%s%s%s", substr, redb, s, reset);
                    else if (log_level == SC_LOG_WARNING)
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                                  "%s%s%s%s", substr, red, s, reset);
                    else if (log_level == SC_LOG_NOTICE)
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                                  "%s%s%s%s", substr, yellowb, s, reset);
                    else
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s",
                                substr, yellow, s, reset);
                } else {
                    cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s", substr,
                            "INVALID");
                }
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_LOG_SLEVEL:
                temp_fmt[0] = '\0';
                s = SCMapEnumValueToName(log_level, sc_log_slevel_map);
                if (s != NULL) {
                    if (log_level <= SC_LOG_ERROR)
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s",
                                substr, redb, s, reset);
                    else if (log_level == SC_LOG_WARNING)
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s",
                                substr, red, s, reset);
                    else if (log_level == SC_LOG_NOTICE)
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s",
                                substr, yellowb, s, reset);
                    else
                        cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                                  "%s%s%s%s", substr, yellow, s, reset);
                } else {
                    cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                                  "%s%s", substr, "INVALID");
                }
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_FILE_NAME:
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                              "%s%s%s%s", substr, blue, file, reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_LINE:
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                              "%s%s%u%s", substr, green, line, reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_SUBSYSTEM:
                temp_fmt[0] = '\0';
 
                /* Determine how much of module name to display */
                int dn_len = 0;
                const char *dn_name = "unknown";
                if (module) {
                    dn_name = SCTransformModule(module, &dn_len);
                }
 
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s", substr,
                        green, dn_name, reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_FUNCTION:
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer),
                              "%s%s%s%s", substr, green, function, reset);
                if (cw < 0)
                    return -1;
                temp += cw;
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
 
            case SC_LOG_FMT_MESSAGE: {
                temp_fmt[0] = '\0';
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s", substr);
                if (cw < 0) {
                    return -1;
                }
                temp += cw;
                if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
                    return 0;
                }
                const char *hi = "";
                if (log_level <= SC_LOG_ERROR)
                    hi = red;
                else if (log_level <= SC_LOG_NOTICE)
                    hi = yellow;
                cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s", hi, message,
                        reset);
                if (cw < 0) {
                    return -1;
                }
                temp += cw;
                if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
                    return 0;
                }
                temp_fmt++;
                substr = temp_fmt;
                substr++;
                break;
            }
        }
        temp_fmt++;
    }
    if ((temp - buffer) > SC_LOG_MAX_LOG_MSG_LEN) {
        return 0;
    }
    cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s", substr);
    if (cw < 0) {
        return -1;
    }
    if (sc_log_config->op_filter_regex != NULL) {
        if (pcre2_match(sc_log_config->op_filter_regex, (PCRE2_SPTR8)buffer, strlen(buffer), 0, 0,
                    sc_log_config->op_filter_regex_match, NULL) < 0) {
            return -1; // bit hacky, but just return !0
        }
    }
 
    return 0;
}
 
/** \internal
 *  \brief try to reopen file
 *  \note no error reporting here, as we're called by SCLogMessage
 *  \retval status 0 ok, -1 error */
static int SCLogReopen(SCLogOPIfaceCtx *op_iface_ctx)
{
    if (op_iface_ctx->file == NULL) {
        return 0;
    }
 
    if (op_iface_ctx->file_d != NULL) {
        fclose(op_iface_ctx->file_d);
    }
    op_iface_ctx->file_d = fopen(op_iface_ctx->file, "a");
    if (op_iface_ctx->file_d == NULL) {
        return -1;
    }
    return 0;
}
 
/**
 * \brief Adds the global log_format to the outgoing buffer
 *
 * \param log_level log_level of the message that has to be logged
 * \param msg       Buffer containing the outgoing message
 * \param file      File_name from where the message originated
 * \param function  Function_name from where the message originated
 * \param line      Line_no from where the messaged originated
 *
 * \retval SC_OK on success; else an error code
 */
SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line,
        const char *function, const char *module, const char *message)
{
    char buffer[SC_LOG_MAX_LOG_MSG_LEN] = "";
    SCLogOPIfaceCtx *op_iface_ctx = NULL;
 
    if (sc_log_module_initialized != 1) {
        printf("Logging module not initialized.  Call SCLogInitLogModule() "
               "first before using the debug API\n");
        return SC_OK;
    }
 
    /* get ts here so we log the same ts to each output */
    struct timeval tval;
    gettimeofday(&tval, NULL);
    SCTime_t ts = SCTIME_FROM_TIMEVAL(&tval);
 
    op_iface_ctx = sc_log_config->op_ifaces;
    while (op_iface_ctx != NULL) {
        if (log_level != SC_LOG_NOTSET && log_level > op_iface_ctx->log_level) {
            op_iface_ctx = op_iface_ctx->next;
            continue;
        }
 
        switch (op_iface_ctx->iface) {
            case SC_LOG_OP_IFACE_CONSOLE:
                if (SCLogMessageGetBuffer(ts, op_iface_ctx->use_color, op_iface_ctx->type, buffer,
                            sizeof(buffer),
                            op_iface_ctx->log_format ? op_iface_ctx->log_format
                                                     : sc_log_config->log_format,
                            log_level, file, line, function, module, message) == 0) {
                    SCLogPrintToStream((log_level == SC_LOG_ERROR)? stderr: stdout, buffer);
                }
                break;
            case SC_LOG_OP_IFACE_FILE:
                if (SCLogMessageGetBuffer(ts, 0, op_iface_ctx->type, buffer, sizeof(buffer),
                            op_iface_ctx->log_format ? op_iface_ctx->log_format
                                                     : sc_log_config->log_format,
                            log_level, file, line, function, module, message) == 0) {
                    int r = 0;
                    SCMutexLock(&op_iface_ctx->fp_mutex);
                    if (op_iface_ctx->rotation_flag) {
                        r = SCLogReopen(op_iface_ctx);
                        op_iface_ctx->rotation_flag = 0;
                    }
                    SCLogPrintToStream(op_iface_ctx->file_d, buffer);
                    SCMutexUnlock(&op_iface_ctx->fp_mutex);
 
                    /* report error outside of lock to avoid recursion */
                    if (r == -1) {
                        SCLogError("re-opening file \"%s\" failed: %s", op_iface_ctx->file,
                                strerror(errno));
                    }
                }
                break;
            case SC_LOG_OP_IFACE_SYSLOG:
                if (SCLogMessageGetBuffer(ts, 0, op_iface_ctx->type, buffer, sizeof(buffer),
                            op_iface_ctx->log_format ? op_iface_ctx->log_format
                                                     : sc_log_config->log_format,
                            log_level, file, line, function, module, message) == 0) {
                    SCLogPrintToSyslog(SCLogMapLogLevelToSyslogLevel(log_level), buffer);
                }
                break;
            default:
                break;
        }
        op_iface_ctx = op_iface_ctx->next;
    }
    return SC_OK;
}
 
void SCLog(int x, const char *file, const char *func, const int line, const char *module,
        const char *fmt, ...)
{
    if (sc_log_global_log_level >= x &&
            (sc_log_fg_filters_present == 0 ||
             SCLogMatchFGFilterWL(file, func, line) == 1 ||
             SCLogMatchFGFilterBL(file, func, line) == 1) &&
            (sc_log_fd_filters_present == 0 ||
             SCLogMatchFDFilter(func) == 1))
    {
        char msg[SC_LOG_MAX_LOG_MSG_LEN];
        va_list ap;
        va_start(ap, fmt);
        vsnprintf(msg, sizeof(msg), fmt, ap);
        va_end(ap);
        SCLogMessage(x, file, line, func, module, msg);
    }
}
 
void SCLogErr(int x, const char *file, const char *func, const int line, const char *module,
        const char *fmt, ...)
{
    if (sc_log_global_log_level >= x &&
            (sc_log_fg_filters_present == 0 ||
             SCLogMatchFGFilterWL(file, func, line) == 1 ||
             SCLogMatchFGFilterBL(file, func, line) == 1) &&
            (sc_log_fd_filters_present == 0 ||
             SCLogMatchFDFilter(func) == 1))
    {
        char msg[SC_LOG_MAX_LOG_MSG_LEN];
        va_list ap;
        va_start(ap, fmt);
        vsnprintf(msg, sizeof(msg), fmt, ap);
        va_end(ap);
        SCLogMessage(x, file, line, func, module, msg);
    }
}
 
/**
 * \brief Returns whether debug messages are enabled to be logged or not
 *
 * \retval 1 if debug messages are enabled to be logged
 * \retval 0 if debug messages are not enabled to be logged
 */
int SCLogDebugEnabled(void)
{
#ifdef DEBUG
    if (sc_log_global_log_level == SC_LOG_DEBUG)
        return 1;
    else
        return 0;
#else
    return 0;
#endif
}
 
/**
 * \brief Allocates an output buffer for an output interface.  Used when we
 *        want the op_interface log_format to override the global_log_format.
 *        Currently not used.
 *
 * \retval buffer Pointer to the newly created output_buffer
 */
SCLogOPBuffer *SCLogAllocLogOPBuffer(void)
{
    SCLogOPBuffer *buffer = NULL;
 
    if ( (buffer = SCMalloc(sc_log_config->op_ifaces_cnt *
                          sizeof(SCLogOPBuffer))) == NULL) {
        FatalError("Fatal error encountered in SCLogAllocLogOPBuffer. Exiting...");
    }
 
    SCLogOPIfaceCtx *op_iface_ctx = sc_log_config->op_ifaces;
    for (int i = 0; i < sc_log_config->op_ifaces_cnt; i++, op_iface_ctx = op_iface_ctx->next) {
        buffer[i].log_format = op_iface_ctx->log_format;
        buffer[i].temp = buffer[i].msg;
    }
 
    return buffer;
}
 
/*----------------------The logging module initialization code--------------- */
 
/**
 * \brief Returns a new output_interface_context
 *
 * \retval iface_ctx Pointer to a newly allocated output_interface_context
 * \initonly
 */
static inline SCLogOPIfaceCtx *SCLogAllocLogOPIfaceCtx(void)
{
    SCLogOPIfaceCtx *iface_ctx = NULL;
 
    if ((iface_ctx = SCCalloc(1, sizeof(SCLogOPIfaceCtx))) == NULL) {
        FatalError("Fatal error encountered in SCLogallocLogOPIfaceCtx. Exiting...");
    }
 
    return iface_ctx;
}
 
/**
 * \brief Initializes the file output interface
 *
 * \param file       Path to the file used for logging purposes
 * \param log_format Pointer to the log_format for this op interface, that
 *                   overrides the global_log_format
 * \param log_level  Override of the global_log_level by this interface
 *
 * \retval iface_ctx Pointer to the file output interface context created
 * \initonly
 */
static inline SCLogOPIfaceCtx *SCLogInitFileOPIface(const char *file, uint32_t userid,
        uint32_t groupid, const char *log_format, int log_level, SCLogOPType type)
{
    SCLogOPIfaceCtx *iface_ctx = SCLogAllocLogOPIfaceCtx();
    if (iface_ctx == NULL) {
        FatalError("Fatal error encountered in SCLogInitFileOPIface. Exiting...");
    }
 
    if (file == NULL) {
        goto error;
    }
 
    iface_ctx->iface = SC_LOG_OP_IFACE_FILE;
    iface_ctx->type = type;
 
    if ( (iface_ctx->file_d = fopen(file, "a")) == NULL) {
        SCLogWarning("error opening file %s: %s", file, strerror(errno));
        goto error;
    }
 
#ifndef OS_WIN32
    if (userid != 0 || groupid != 0) {
        if (fchown(fileno(iface_ctx->file_d), userid, groupid) == -1) {
            SCLogWarning("Failed to change ownership of file %s: %s", file, strerror(errno));
        }
    }
#endif
 
    if ((iface_ctx->file = SCStrdup(file)) == NULL) {
        goto error;
    }
 
    if (log_format != NULL && (iface_ctx->log_format = SCStrdup(log_format)) == NULL) {
        goto error;
    }
 
    SCMutexInit(&iface_ctx->fp_mutex, NULL);
    OutputRegisterFileRotationFlag(&iface_ctx->rotation_flag);
 
    iface_ctx->log_level = log_level;
 
    return iface_ctx;
 
error:
    if (iface_ctx->file != NULL) {
        SCFree((char *)iface_ctx->file);
        iface_ctx->file = NULL;
    }
    if (iface_ctx->log_format != NULL) {
        SCFree((char *)iface_ctx->log_format);
        iface_ctx->log_format = NULL;
    }
    if (iface_ctx->file_d != NULL) {
        fclose(iface_ctx->file_d);
        iface_ctx->file_d = NULL;
    }
    SCFree(iface_ctx);
    return NULL;
}
 
/**
 * \brief Initializes the console output interface and deals with possible
 *        env var overrides.
 *
 * \param log_format Pointer to the log_format for this op interface, that
 *                   overrides the global_log_format
 * \param log_level  Override of the global_log_level by this interface
 *
 * \retval iface_ctx Pointer to the console output interface context created
 * \initonly
 */
static inline SCLogOPIfaceCtx *SCLogInitConsoleOPIface(const char *log_format,
                                                       SCLogLevel log_level, SCLogOPType type)
{
    SCLogOPIfaceCtx *iface_ctx = SCLogAllocLogOPIfaceCtx();
 
    if (iface_ctx == NULL) {
        FatalError("Fatal error encountered in SCLogInitConsoleOPIface. Exiting...");
    }
 
    iface_ctx->iface = SC_LOG_OP_IFACE_CONSOLE;
    iface_ctx->type = type;
 
    /* console log format is overridden by envvars */
    const char *tmp_log_format = log_format;
    const char *s = getenv(SC_LOG_ENV_LOG_FORMAT);
    if (s != NULL) {
#if 0
        printf("Overriding setting for \"console.format\" because of env "
                "var SC_LOG_FORMAT=\"%s\".\n", s);
#endif
        tmp_log_format = s;
    }
 
    if (tmp_log_format != NULL &&
        (iface_ctx->log_format = SCStrdup(tmp_log_format)) == NULL) {
        printf("Error allocating memory\n");
        exit(EXIT_FAILURE);
    }
 
    /* console log level is overridden by envvars */
    SCLogLevel tmp_log_level = log_level;
    s = getenv(SC_LOG_ENV_LOG_LEVEL);
    if (s != NULL) {
        SCLogLevel l = SCMapEnumNameToValue(s, sc_log_level_map);
        if (l > SC_LOG_NOTSET && l < SC_LOG_LEVEL_MAX) {
#if 0
            printf("Overriding setting for \"console.level\" because of env "
                    "var SC_LOG_LEVEL=\"%s\".\n", s);
#endif
            tmp_log_level = l;
        }
    }
    iface_ctx->log_level = tmp_log_level;
 
#ifndef OS_WIN32
    if (isatty(fileno(stdout)) && isatty(fileno(stderr))) {
        iface_ctx->use_color = true;
    }
#endif
 
    return iface_ctx;
}
 
/**
 * \brief Initializes the syslog output interface
 *
 * \param facility   The facility code for syslog
 * \param log_format Pointer to the log_format for this op interface, that
 *                   overrides the global_log_format
 * \param log_level  Override of the global_log_level by this interface
 *
 * \retval iface_ctx Pointer to the syslog output interface context created
 */
static inline SCLogOPIfaceCtx *SCLogInitSyslogOPIface(int facility,
                                                      const char *log_format,
                                                      SCLogLevel log_level,
                                                      SCLogOPType type)
{
    SCLogOPIfaceCtx *iface_ctx = SCLogAllocLogOPIfaceCtx();
 
    if ( iface_ctx == NULL) {
        FatalError("Fatal error encountered in SCLogInitSyslogOPIface. Exiting...");
    }
 
    iface_ctx->iface = SC_LOG_OP_IFACE_SYSLOG;
    iface_ctx->type = type;
 
    if (facility == -1)
        facility = SC_LOG_DEF_SYSLOG_FACILITY;
    iface_ctx->facility = facility;
 
    if (log_format != NULL &&
        (iface_ctx->log_format = SCStrdup(log_format)) == NULL) {
        printf("Error allocating memory\n");
        exit(EXIT_FAILURE);
    }
 
    iface_ctx->log_level = log_level;
 
    openlog(NULL, LOG_NDELAY, iface_ctx->facility);
 
    return iface_ctx;
}
 
/**
 * \brief Frees the output_interface context supplied as an argument
 *
 * \param iface_ctx Pointer to the op_interface_context to be freed
 */
static inline void SCLogFreeLogOPIfaceCtx(SCLogOPIfaceCtx *iface_ctx)
{
    SCLogOPIfaceCtx *temp = NULL;
 
    while (iface_ctx != NULL) {
        temp = iface_ctx;
 
        if (iface_ctx->file_d != NULL) {
            fclose(iface_ctx->file_d);
            SCMutexDestroy(&iface_ctx->fp_mutex);
        }
 
        if (iface_ctx->file != NULL)
            SCFree((void *)iface_ctx->file);
 
        if (iface_ctx->log_format != NULL)
            SCFree((void *)iface_ctx->log_format);
 
        if (iface_ctx->iface == SC_LOG_OP_IFACE_SYSLOG) {
            closelog();
        }
 
        iface_ctx = iface_ctx->next;
 
        SCFree(temp);
    }
}
 
/**
 * \brief Internal function used to set the logging module global_log_level
 *        during the initialization phase
 *
 * \param sc_lid The initialization data supplied.
 * \param sc_lc  The logging module context which has to be updated.
 */
static inline void SCLogSetLogLevel(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
{
    SCLogLevel log_level = SC_LOG_NOTSET;
    const char *s = NULL;
 
    /* envvar overrides config */
    s = getenv(SC_LOG_ENV_LOG_LEVEL);
    if (s != NULL) {
        log_level = SCMapEnumNameToValue(s, sc_log_level_map);
    } else if (sc_lid != NULL) {
        log_level = sc_lid->global_log_level;
    }
 
    /* deal with the global_log_level to be used */
    if (log_level > SC_LOG_NOTSET && log_level < SC_LOG_LEVEL_MAX)
        sc_lc->log_level = log_level;
    else {
        sc_lc->log_level = SC_LOG_DEF_LOG_LEVEL;
#ifndef UNITTESTS
        if (sc_lid != NULL) {
            printf("Warning: Invalid/No global_log_level assigned by user.  Falling "
                   "back on the default_log_level \"%s\"\n",
                   SCMapEnumValueToName(sc_lc->log_level, sc_log_level_map));
        }
#endif
    }
 
    /* we also set it to a global var, as it is easier to access it */
    sc_log_global_log_level = sc_lc->log_level;
}
 
SCLogLevel SCLogGetLogLevel(void)
{
    return sc_log_global_log_level;
}
 
static inline const char *SCLogGetDefaultLogFormat(const SCLogLevel lvl)
{
    const char *prog_ver = GetProgramVersion();
    if (strstr(prog_ver, "RELEASE") != NULL) {
        if (lvl <= SC_LOG_NOTICE)
            return SC_LOG_DEF_LOG_FORMAT_REL_NOTICE;
        else if (lvl <= SC_LOG_INFO)
            return SC_LOG_DEF_LOG_FORMAT_REL_INFO;
        else if (lvl <= SC_LOG_CONFIG)
            return SC_LOG_DEF_LOG_FORMAT_REL_CONFIG;
    }
    return SC_LOG_DEF_LOG_FORMAT_DEBUG;
}
 
/**
 * \brief Internal function used to set the logging module global_log_format
 *        during the initialization phase
 *
 * \param sc_lid The initialization data supplied.
 * \param sc_lc  The logging module context which has to be updated.
 */
static inline void SCLogSetLogFormat(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
{
    const char *format = NULL;
 
    /* envvar overrides config */
    format = getenv(SC_LOG_ENV_LOG_FORMAT);
    if (format == NULL) {
        if (sc_lid != NULL) {
            format = sc_lid->global_log_format;
        }
    }
 
    /* deal with the global log format to be used */
    if (format == NULL || strlen(format) > SC_LOG_MAX_LOG_FORMAT_LEN) {
        format = SCLogGetDefaultLogFormat(sc_lc->log_level);
#ifndef UNITTESTS
        if (sc_lid != NULL) {
            printf("Warning: Invalid/No global_log_format supplied by user or format "
                   "length exceeded limit of \"%d\" characters.  Falling back on "
                   "default log_format \"%s\"\n", SC_LOG_MAX_LOG_FORMAT_LEN,
                   format);
        }
#endif
    }
 
    if (format != NULL && (sc_lc->log_format = SCStrdup(format)) == NULL) {
        printf("Error allocating memory\n");
        exit(EXIT_FAILURE);
    }
}
 
/**
 * \brief Internal function used to set the logging module global_op_ifaces
 *        during the initialization phase
 *
 * \param sc_lid The initialization data supplied.
 * \param sc_lc  The logging module context which has to be updated.
 */
static inline void SCLogSetOPIface(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
{
    SCLogOPIfaceCtx *op_ifaces_ctx = NULL;
    int op_iface = 0;
    const char *s = NULL;
 
    if (sc_lid != NULL && sc_lid->op_ifaces != NULL) {
        sc_lc->op_ifaces = sc_lid->op_ifaces;
        sc_lid->op_ifaces = NULL;
        sc_lc->op_ifaces_cnt = sc_lid->op_ifaces_cnt;
    } else {
        s = getenv(SC_LOG_ENV_LOG_OP_IFACE);
        if (s != NULL) {
            op_iface = SCMapEnumNameToValue(s, sc_log_op_iface_map);
 
            if(op_iface < 0 || op_iface >= SC_LOG_OP_IFACE_MAX) {
                op_iface = SC_LOG_DEF_LOG_OP_IFACE;
#ifndef UNITTESTS
                printf("Warning: Invalid output interface supplied by user.  "
                       "Falling back on default_output_interface \"%s\"\n",
                       SCMapEnumValueToName(op_iface, sc_log_op_iface_map));
#endif
            }
        }
        else {
            op_iface = SC_LOG_DEF_LOG_OP_IFACE;
#ifndef UNITTESTS
            if (sc_lid != NULL) {
                printf("Warning: Output_interface not supplied by user.  Falling "
                       "back on default_output_interface \"%s\"\n",
                       SCMapEnumValueToName(op_iface, sc_log_op_iface_map));
            }
#endif
        }
 
        switch (op_iface) {
            case SC_LOG_OP_IFACE_CONSOLE:
                op_ifaces_ctx = SCLogInitConsoleOPIface(NULL, SC_LOG_LEVEL_MAX,0);
                break;
            case SC_LOG_OP_IFACE_FILE:
                s = getenv(SC_LOG_ENV_LOG_FILE);
                if (s == NULL) {
                    char *str = SCLogGetLogFilename(SC_LOG_DEF_LOG_FILE);
                    if (str != NULL) {
                        op_ifaces_ctx = SCLogInitFileOPIface(str, 0, 0, NULL, SC_LOG_LEVEL_MAX, 0);
                        SCFree(str);
                    }
                } else {
                    op_ifaces_ctx = SCLogInitFileOPIface(s, 0, 0, NULL, SC_LOG_LEVEL_MAX, 0);
                }
                break;
            case SC_LOG_OP_IFACE_SYSLOG:
                s = getenv(SC_LOG_ENV_LOG_FACILITY);
                if (s == NULL)
                    s = SC_LOG_DEF_SYSLOG_FACILITY_STR;
 
                op_ifaces_ctx = SCLogInitSyslogOPIface(SCMapEnumNameToValue(s, SCSyslogGetFacilityMap()), NULL, -1,0);
                break;
        }
        sc_lc->op_ifaces = op_ifaces_ctx;
        sc_lc->op_ifaces_cnt++;
    }
}
 
/**
 * \brief Internal function used to set the logging module op_filter
 *        during the initialization phase
 *
 * \param sc_lid The initialization data supplied.
 * \param sc_lc  The logging module context which has to be updated.
 */
static inline void SCLogSetOPFilter(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
{
    const char *filter = NULL;
 
    int opts = 0;
    int en;
    PCRE2_SIZE eo = 0;
 
    /* envvar overrides */
    filter = getenv(SC_LOG_ENV_LOG_OP_FILTER);
    if (filter == NULL) {
        if (sc_lid != NULL) {
            filter = sc_lid->op_filter;
        }
    }
 
    if (filter != NULL && strcmp(filter, "") != 0) {
        sc_lc->op_filter = SCStrdup(filter);
        if (sc_lc->op_filter == NULL) {
            printf("pcre filter alloc failed\n");
            return;
        }
        sc_lc->op_filter_regex =
                pcre2_compile((PCRE2_SPTR8)filter, PCRE2_ZERO_TERMINATED, opts, &en, &eo, NULL);
        if (sc_lc->op_filter_regex == NULL) {
            SCFree(sc_lc->op_filter);
            PCRE2_UCHAR errbuffer[256];
            pcre2_get_error_message(en, errbuffer, sizeof(errbuffer));
            printf("pcre2 compile of \"%s\" failed at offset %d : %s\n", filter, (int)eo,
                    errbuffer);
            return;
        }
        sc_lc->op_filter_regex_match =
                pcre2_match_data_create_from_pattern(sc_lc->op_filter_regex, NULL);
    }
}
 
/**
 * \brief Returns a pointer to a new SCLogInitData.  This is a public interface
 *        intended to be used after the logging parameters are read from the
 *        conf file
 *
 * \retval sc_lid Pointer to the newly created SCLogInitData
 * \initonly
 */
SCLogInitData *SCLogAllocLogInitData(void)
{
    SCLogInitData *sc_lid = NULL;
 
    if ((sc_lid = SCCalloc(1, sizeof(SCLogInitData))) == NULL)
        return NULL;
 
    return sc_lid;
}
 
#ifdef UNITTESTS
#ifndef OS_WIN32
/**
 * \brief Frees a SCLogInitData
 *
 * \param sc_lid Pointer to the SCLogInitData to be freed
 */
static void SCLogFreeLogInitData(SCLogInitData *sc_lid)
{
    if (sc_lid != NULL) {
        SCLogFreeLogOPIfaceCtx(sc_lid->op_ifaces);
        SCFree(sc_lid);
    }
}
#endif
#endif
 
/**
 * \brief Frees the logging module context
 */
static inline void SCLogFreeLogConfig(SCLogConfig *sc_lc)
{
    if (sc_lc != NULL) {
        if (sc_lc->startup_message != NULL)
            SCFree(sc_lc->startup_message);
        if (sc_lc->log_format != NULL)
            SCFree(sc_lc->log_format);
        if (sc_lc->op_filter != NULL)
            SCFree(sc_lc->op_filter);
 
        if (sc_lc->op_filter_regex != NULL)
            pcre2_code_free(sc_lc->op_filter_regex);
        if (sc_lc->op_filter_regex_match)
            pcre2_match_data_free(sc_lc->op_filter_regex_match);
 
        SCLogFreeLogOPIfaceCtx(sc_lc->op_ifaces);
        SCFree(sc_lc);
    }
}
 
/**
 * \brief Appends an output_interface to the output_interface list sent in head
 *
 * \param iface_ctx Pointer to the output_interface that has to be added to head
 * \param head      Pointer to the output_interface list
 */
void SCLogAppendOPIfaceCtx(SCLogOPIfaceCtx *iface_ctx, SCLogInitData *sc_lid)
{
    SCLogOPIfaceCtx *temp = NULL, *prev = NULL;
    SCLogOPIfaceCtx **head = &sc_lid->op_ifaces;
 
    if (iface_ctx == NULL) {
#ifdef DEBUG
        printf("Argument(s) to SCLogAppendOPIfaceCtx() NULL\n");
#endif
        return;
    }
 
    temp = *head;
    while (temp != NULL) {
        prev = temp;
        temp = temp->next;
    }
 
    if (prev == NULL)
        *head = iface_ctx;
    else
        prev->next = iface_ctx;
 
    sc_lid->op_ifaces_cnt++;
}
 
#ifdef UNITTESTS
#ifndef OS_WIN32
/**
 * \internal
 * \brief Creates a new output interface based on the arguments sent.  The kind
 *        of output interface to be created is decided by the iface_name arg.
 *        If iface_name is "file", the arg argument will hold the filename to be
 *        used for logging purposes.  If iface_name is "syslog", the arg
 *        argument holds the facility code.  If iface_name is "console", arg is
 *        NULL.
 *
 * \param iface_name Interface name.  Can be "console", "file" or "syslog"
 * \param log_format Override for the global_log_format
 * \param log_level  Override for the global_log_level
 * \param log_level  Parameter required by a particular interface.  Explained in
 *                   the function description
 *
 * \retval iface_ctx Pointer to the newly created output interface
 */
static SCLogOPIfaceCtx *SCLogInitOPIfaceCtx(
        const char *iface_name, const char *log_format, int log_level, const char *arg)
{
    int iface = SCMapEnumNameToValue(iface_name, sc_log_op_iface_map);
 
    if (log_level < SC_LOG_NONE || log_level > SC_LOG_DEBUG) {
        printf("Warning: Supplied log_level_override for op_interface \"%s\" "
               "is invalid.  Defaulting to not specifying an override\n",
                iface_name);
        log_level = SC_LOG_NOTSET;
    }
 
    switch (iface) {
        case SC_LOG_OP_IFACE_CONSOLE:
            return SCLogInitConsoleOPIface(log_format, log_level, SC_LOG_OP_TYPE_REGULAR);
        case SC_LOG_OP_IFACE_FILE:
            return SCLogInitFileOPIface(arg, 0, 0, log_format, log_level, SC_LOG_OP_TYPE_REGULAR);
        case SC_LOG_OP_IFACE_SYSLOG:
            return SCLogInitSyslogOPIface(SCMapEnumNameToValue(arg, SCSyslogGetFacilityMap()),
                    log_format, log_level, SC_LOG_OP_TYPE_REGULAR);
        default:
#ifdef DEBUG
            printf("Output Interface \"%s\" not supported by the logging module",
                   iface_name);
#endif
            return NULL;
    }
}
#endif
#endif
 
/**
 * \brief Initializes the logging module.
 *
 * \param sc_lid The initialization data for the logging module.  If sc_lid is
 *               NULL, we would stick to the default configuration for the
 *               logging subsystem.
 * \initonly
 */
void SCLogInitLogModule(SCLogInitData *sc_lid)
{
    /* De-initialize the logging context, if it has already init by the
     * environment variables at the start of the engine */
    SCLogDeInitLogModule();
 
#if defined (OS_WIN32)
    if (SCMutexInit(&sc_log_stream_lock, NULL) != 0) {
        FatalError("Failed to initialize log mutex.");
    }
#endif /* OS_WIN32 */
 
    /* sc_log_config is a global variable */
    if ((sc_log_config = SCCalloc(1, sizeof(SCLogConfig))) == NULL) {
        FatalError("Fatal error encountered in SCLogInitLogModule. Exiting...");
    }
 
    SCLogSetLogLevel(sc_lid, sc_log_config);
    SCLogSetLogFormat(sc_lid, sc_log_config);
    SCLogSetOPIface(sc_lid, sc_log_config);
    SCLogSetOPFilter(sc_lid, sc_log_config);
 
    sc_log_module_initialized = 1;
    sc_log_module_cleaned = 0;
 
    //SCOutputPrint(sc_did->startup_message);
 
    rs_log_set_level(sc_log_global_log_level);
}
 
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
{
    ConfNode *outputs;
    SCLogInitData *sc_lid;
    int have_logging = 0;
    int max_level = 0;
    SCLogLevel min_level = 0;
 
    /* If verbose logging was requested, set the minimum as
     * SC_LOG_NOTICE plus the extra verbosity. */
    if (verbose) {
        min_level = SC_LOG_NOTICE + verbose;
    }
 
    outputs = ConfGetNode("logging.outputs");
    if (outputs == NULL) {
        SCLogDebug("No logging.output configuration section found.");
        return;
    }
 
    sc_lid = SCLogAllocLogInitData();
    if (sc_lid == NULL) {
        SCLogDebug("Could not allocate memory for log init data");
        return;
    }
 
    /* Get default log level and format. */
    const char *default_log_level_s = NULL;
    if (ConfGet("logging.default-log-level", &default_log_level_s) == 1) {
        SCLogLevel default_log_level =
            SCMapEnumNameToValue(default_log_level_s, sc_log_level_map);
        if (default_log_level == -1) {
            SCLogError("Invalid default log level: %s", default_log_level_s);
            exit(EXIT_FAILURE);
        }
        sc_lid->global_log_level = MAX(min_level, default_log_level);
    }
    else {
        sc_lid->global_log_level = MAX(min_level, SC_LOG_NOTICE);
    }
 
    if (ConfGet("logging.default-log-format", &sc_lid->global_log_format) != 1)
        sc_lid->global_log_format = SCLogGetDefaultLogFormat(sc_lid->global_log_level);
 
    (void)ConfGet("logging.default-output-filter", &sc_lid->op_filter);
 
    ConfNode *seq_node, *output;
    TAILQ_FOREACH(seq_node, &outputs->head, next) {
        SCLogLevel level = sc_lid->global_log_level;
        SCLogOPIfaceCtx *op_iface_ctx = NULL;
        const char *format;
        const char *level_s;
 
        output = ConfNodeLookupChild(seq_node, seq_node->val);
        if (output == NULL)
            continue;
 
        /* By default an output is enabled. */
        const char *enabled = ConfNodeLookupChildValue(output, "enabled");
        if (enabled != NULL && ConfValIsFalse(enabled))
            continue;
 
        SCLogOPType type = SC_LOG_OP_TYPE_REGULAR;
        const char *type_s = ConfNodeLookupChildValue(output, "type");
        if (type_s != NULL) {
            if (strcmp(type_s, "regular") == 0)
                type = SC_LOG_OP_TYPE_REGULAR;
            else if (strcmp(type_s, "json") == 0) {
                type = SC_LOG_OP_TYPE_JSON;
            }
        }
 
        format = ConfNodeLookupChildValue(output, "format");
 
        level_s = ConfNodeLookupChildValue(output, "level");
        if (level_s != NULL) {
            level = SCMapEnumNameToValue(level_s, sc_log_level_map);
            if (level == -1) {
                SCLogError("Invalid log level: %s", level_s);
                exit(EXIT_FAILURE);
            }
            max_level = MAX(max_level, level);
        }
 
        /* Increase the level of extra verbosity was requested. */
        level = MAX(min_level, level);
 
        if (strcmp(output->name, "console") == 0) {
            op_iface_ctx = SCLogInitConsoleOPIface(format, level, type);
        }
        else if (strcmp(output->name, "file") == 0) {
            if (format == NULL) {
                format = SC_LOG_DEF_FILE_FORMAT;
            }
 
            const char *filename = ConfNodeLookupChildValue(output, "filename");
            if (filename == NULL) {
                FatalError("Logging to file requires a filename");
            }
            char *path = NULL;
            if (!(PathIsAbsolute(filename))) {
                path = SCLogGetLogFilename(filename);
            } else {
                path = SCStrdup(filename);
            }
            if (path == NULL)
                FatalError("failed to setup output to file");
            have_logging = 1;
            op_iface_ctx = SCLogInitFileOPIface(path, userid, groupid, format, level, type);
            SCFree(path);
        }
        else if (strcmp(output->name, "syslog") == 0) {
            int facility = SC_LOG_DEF_SYSLOG_FACILITY;
            const char *facility_s = ConfNodeLookupChildValue(output,
                "facility");
            if (facility_s != NULL) {
                facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap());
                if (facility == -1) {
                    SCLogWarning("Invalid syslog "
                                 "facility: \"%s\", now using \"%s\" as syslog "
                                 "facility",
                            facility_s, SC_LOG_DEF_SYSLOG_FACILITY_STR);
                    facility = SC_LOG_DEF_SYSLOG_FACILITY;
                }
            }
            SCLogDebug("Initializing syslog logging with format \"%s\"", format);
            have_logging = 1;
            op_iface_ctx = SCLogInitSyslogOPIface(facility, format, level, type);
        }
        else {
            SCLogWarning("invalid logging method: %s, ignoring", output->name);
        }
        if (op_iface_ctx != NULL) {
            SCLogAppendOPIfaceCtx(op_iface_ctx, sc_lid);
        }
    }
 
    if (daemon && (have_logging == 0)) {
        SCLogWarning("no logging compatible with daemon mode selected,"
                     " suricata won't be able to log. Please update "
                     " 'logging.outputs' in the YAML.");
    }
 
    /* Set the global log level to that of the max level used. */
    sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
    SCLogInitLogModule(sc_lid);
 
    SCLogDebug("sc_log_global_log_level: %d", sc_log_global_log_level);
    SCLogDebug("sc_lc->log_format: %s", sc_log_config->log_format);
    SCLogDebug("SCLogSetOPFilter: filter: %s", sc_log_config->op_filter);
 
    if (sc_lid != NULL)
        SCFree(sc_lid);
}
 
/**
 * \brief Returns a full file path given a filename uses log dir specified in
 *        conf or DEFAULT_LOG_DIR
 *
 * \param filearg The relative filename for which we want a full path include
 *                log directory
 *
 * \retval log_filename The fullpath of the logfile to open
 */
static char *SCLogGetLogFilename(const char *filearg)
{
    const char *log_dir = ConfigGetLogDirectory();
    char *log_filename = SCMalloc(PATH_MAX);
    if (unlikely(log_filename == NULL))
        return NULL;
    snprintf(log_filename, PATH_MAX, "%s/%s", log_dir, filearg);
    return log_filename;
}
 
/**
 * \brief De-Initializes the logging module
 */
void SCLogDeInitLogModule(void)
{
    SCLogFreeLogConfig(sc_log_config);
 
    /* reset the global logging_module variables */
    sc_log_global_log_level = 0;
    sc_log_module_initialized = 0;
    sc_log_module_cleaned = 1;
    sc_log_config = NULL;
 
    /* de-init the FD filters */
    SCLogReleaseFDFilters();
    /* de-init the FG filters */
    SCLogReleaseFGFilters();
 
#if defined (OS_WIN32)
    SCMutexDestroy(&sc_log_stream_lock);
#endif /* OS_WIN32 */
}
 
//------------------------------------Unit_Tests--------------------------------
 
/* The logging engine should be tested to the maximum extent possible, since
 * logging code would be used throughout the codebase, and hence we can't afford
 * to have a single bug here(not that you can afford to have a bug
 * elsewhere ;) ). Please report a bug, if you get a slightest hint of a bug
 * from the logging module.
 */
 
#ifdef UNITTESTS
 
static int SCLogTestInit01(void)
{
#ifndef OS_WIN32
    /* unset any environment variables set for the logging module */
    unsetenv(SC_LOG_ENV_LOG_LEVEL);
    unsetenv(SC_LOG_ENV_LOG_OP_IFACE);
    unsetenv(SC_LOG_ENV_LOG_FORMAT);
 
    SCLogInitLogModule(NULL);
 
    FAIL_IF_NULL(sc_log_config);
 
    FAIL_IF_NOT(SC_LOG_DEF_LOG_LEVEL == sc_log_config->log_level);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               SC_LOG_DEF_LOG_OP_IFACE == sc_log_config->op_ifaces->iface);
    FAIL_IF_NOT(sc_log_config->log_format != NULL &&
                strcmp(SCLogGetDefaultLogFormat(sc_log_config->log_level),
                        sc_log_config->log_format) == 0);
 
    SCLogDeInitLogModule();
 
    setenv(SC_LOG_ENV_LOG_LEVEL, "Debug", 1);
    setenv(SC_LOG_ENV_LOG_OP_IFACE, "Console", 1);
    setenv(SC_LOG_ENV_LOG_FORMAT, "%n- %l", 1);
 
    SCLogInitLogModule(NULL);
 
    FAIL_IF_NOT(SC_LOG_DEBUG == sc_log_config->log_level);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               SC_LOG_OP_IFACE_CONSOLE == sc_log_config->op_ifaces->iface);
    FAIL_IF_NOT(sc_log_config->log_format != NULL &&
               !strcmp("%n- %l", sc_log_config->log_format));
 
    unsetenv(SC_LOG_ENV_LOG_LEVEL);
    unsetenv(SC_LOG_ENV_LOG_OP_IFACE);
    unsetenv(SC_LOG_ENV_LOG_FORMAT);
 
    SCLogDeInitLogModule();
#endif
    PASS;
}
 
static int SCLogTestInit02(void)
{
#ifndef OS_WIN32
    SCLogInitData *sc_lid = NULL;
    SCLogOPIfaceCtx *sc_iface_ctx = NULL;
    char *logfile = SCLogGetLogFilename("boo.txt");
    sc_lid = SCLogAllocLogInitData();
    FAIL_IF_NULL(sc_lid);
    sc_lid->startup_message = "Test02";
    sc_lid->global_log_level = SC_LOG_DEBUG;
    sc_lid->op_filter = "boo";
    sc_iface_ctx = SCLogInitOPIfaceCtx("file", "%m - %d", SC_LOG_WARNING, logfile);
    SCLogAppendOPIfaceCtx(sc_iface_ctx, sc_lid);
    sc_iface_ctx = SCLogInitOPIfaceCtx("console", NULL, SC_LOG_ERROR,
                                       NULL);
    SCLogAppendOPIfaceCtx(sc_iface_ctx, sc_lid);
 
    SCLogInitLogModule(sc_lid);
 
    FAIL_IF_NULL(sc_log_config);
 
    FAIL_IF_NOT(SC_LOG_DEBUG == sc_log_config->log_level);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               SC_LOG_OP_IFACE_FILE == sc_log_config->op_ifaces->iface);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               sc_log_config->op_ifaces->next != NULL &&
               SC_LOG_OP_IFACE_CONSOLE == sc_log_config->op_ifaces->next->iface);
    FAIL_IF_NOT(sc_log_config->log_format != NULL &&
                strcmp(SCLogGetDefaultLogFormat(sc_log_config->log_level),
                        sc_log_config->log_format) == 0);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               sc_log_config->op_ifaces->log_format != NULL &&
               strcmp("%m - %d", sc_log_config->op_ifaces->log_format) == 0);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               sc_log_config->op_ifaces->next != NULL &&
               sc_log_config->op_ifaces->next->log_format == NULL);
 
    SCLogFreeLogInitData(sc_lid);
    SCLogDeInitLogModule();
 
    sc_lid = SCLogAllocLogInitData();
    FAIL_IF_NULL(sc_lid);
    sc_lid->startup_message = "Test02";
    sc_lid->global_log_level = SC_LOG_DEBUG;
    sc_lid->op_filter = "boo";
    sc_lid->global_log_format = "kaboo";
 
    SCLogInitLogModule(sc_lid);
 
    FAIL_IF_NULL(sc_log_config);
 
    FAIL_IF_NOT(SC_LOG_DEBUG == sc_log_config->log_level);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               SC_LOG_OP_IFACE_CONSOLE == sc_log_config->op_ifaces->iface);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               sc_log_config->op_ifaces->next == NULL);
    FAIL_IF_NOT(sc_log_config->log_format != NULL &&
               strcmp("kaboo", sc_log_config->log_format) == 0);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               sc_log_config->op_ifaces->log_format == NULL);
    FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
               sc_log_config->op_ifaces->next == NULL);
 
    SCLogFreeLogInitData(sc_lid);
    SCLogDeInitLogModule();
    SCFree(logfile);
#endif
    PASS;
}
 
static int SCLogTestInit03(void)
{
    SCLogInitLogModule(NULL);
 
    SCLogAddFGFilterBL(NULL, "bamboo", -1);
    SCLogAddFGFilterBL(NULL, "soo", -1);
    SCLogAddFGFilterBL(NULL, "dummy", -1);
 
    FAIL_IF_NOT(SCLogPrintFGFilters() == 3);
 
    SCLogAddFGFilterBL(NULL, "dummy1", -1);
    SCLogAddFGFilterBL(NULL, "dummy2", -1);
 
    FAIL_IF_NOT(SCLogPrintFGFilters() == 5);
 
    SCLogDeInitLogModule();
 
    PASS;
}
 
static int SCLogTestInit04(void)
{
    SCLogInitLogModule(NULL);
 
    SCLogAddFDFilter("bamboo");
    SCLogAddFDFilter("soo");
    SCLogAddFDFilter("foo");
    SCLogAddFDFilter("roo");
 
    FAIL_IF_NOT(SCLogPrintFDFilters() == 4);
 
    SCLogAddFDFilter("loo");
    SCLogAddFDFilter("soo");
 
    FAIL_IF_NOT(SCLogPrintFDFilters() == 5);
 
    SCLogRemoveFDFilter("bamboo");
    SCLogRemoveFDFilter("soo");
    SCLogRemoveFDFilter("foo");
    SCLogRemoveFDFilter("noo");
 
    FAIL_IF_NOT(SCLogPrintFDFilters() == 2);
 
    SCLogDeInitLogModule();
 
    PASS;
}
 
static int SCLogTestInit05(void)
{
    char str[4096];
    memset(str, 'A', sizeof(str));
    SCLogInfo("%s", str);
 
    PASS;
}
 
#endif /* UNITTESTS */
 
void SCLogRegisterTests(void)
{
 
#ifdef UNITTESTS
 
    UtRegisterTest("SCLogTestInit01", SCLogTestInit01);
    UtRegisterTest("SCLogTestInit02", SCLogTestInit02);
    UtRegisterTest("SCLogTestInit03", SCLogTestInit03);
    UtRegisterTest("SCLogTestInit04", SCLogTestInit04);
    UtRegisterTest("SCLogTestInit05", SCLogTestInit05);
 
#endif /* UNITTESTS */
 
   return;
}