/**
 * \brief Initialise the NFS logger as a sub-module of an existing output.
 *
 * Allocates a LogNFSFileCtx that reuses the parent's file_ctx pointer, wraps
 * it in a fresh OutputCtx and registers a logger for ALPROTO_NFS on both TCP
 * and UDP.
 *
 * \param conf       Configuration node of this logger (not read here).
 * \param parent_ctx Parent output context; its data member is read as an
 *                   AlertJsonThread and is dereferenced without a NULL check.
 *
 * \retval NULL on allocation failure, otherwise the new OutputCtx.
 */
static OutputCtx *OutputNFSLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    AlertJsonThread *parent = parent_ctx->data;

    LogNFSFileCtx *nfs_ctx = SCCalloc(1, sizeof(*nfs_ctx));
    if (unlikely(nfs_ctx == NULL))
        return NULL;

    /* No new log file is opened here: the parent's file context is reused. */
    nfs_ctx->file_ctx = parent->file_ctx;

    OutputCtx *sub_ctx = SCCalloc(1, sizeof(*sub_ctx));
    if (unlikely(sub_ctx == NULL)) {
        SCFree(nfs_ctx);
        return NULL;
    }
    sub_ctx->DeInit = OutputNFSLogDeInitCtxSub;
    sub_ctx->data = nfs_ctx;

    SCLogDebug("NFS log sub-module initialized.");

    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
    AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);

    return sub_ctx;
}
/**
 * \brief Create the output context for the MSSQL JSON logger.
 *
 * Opens a log file context (falling back to "mssql.json" as the default
 * file name), allocates the logger state and registers a logger for
 * ALPROTO_MSSQL over TCP.
 *
 * \param cn Configuration node of this logger.
 *
 * \retval NULL on any failure (everything allocated so far is released),
 *         otherwise the new OutputCtx.
 */
static OutputCtx *JsonMSSqlLogInitCtx(ConfNode *cn)
{
    static char fallback_name[] = "mssql.json";

    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogError(SC_ERR_MSSQL_LOG_GENERIC, "could not create new file_ctx");
        return NULL;
    }

    /* Any non-zero result is treated as a failure to open the log. */
    if (SCConfLogOpenGeneric(cn, log_file, fallback_name) != 0) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    LogMSSqlFileCtx *state = SCCalloc(sizeof(*state), 1);
    if (unlikely(state == NULL)) {
        LogFileFreeCtx(log_file);
        return NULL;
    }
    state->file_ctx = log_file;

    OutputCtx *out = SCCalloc(1, sizeof(*out));
    if (unlikely(out == NULL)) {
        LogFileFreeCtx(log_file);
        SCFree(state);
        return NULL;
    }
    out->DeInit = LogMSSqlLogDeinitCtx;
    out->data = state;

    SCLogDebug("mssql json log output initialized");

    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MSSQL);

    return out;
}
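/**
 * \brief Initialise the HTTP logger as a sub-module of an existing output.
 *
 * The logger state reuses the parent's file_ctx pointer. The "extended"
 * child of \a conf, when present and true, selects LOG_HTTP_EXTENDED;
 * otherwise LOG_HTTP_DEFAULT is used.
 *
 * \param conf       Configuration node of this logger; may be NULL.
 * \param parent_ctx Parent output context; its data member is read as an
 *                   AlertJsonThread and is dereferenced without a NULL check.
 *
 * \retval NULL on allocation failure, otherwise the new OutputCtx.
 */
OutputCtx *OutputHttpLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    AlertJsonThread *ajt = parent_ctx->data;

    /* Zero-filled allocation: only file_ctx and flags are assigned below, so
     * any other LogHttpFileCtx member would otherwise hold indeterminate
     * heap contents. */
    LogHttpFileCtx *http_ctx = SCCalloc(1, sizeof(*http_ctx));
    if (unlikely(http_ctx == NULL))
        return NULL;

    OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
    if (unlikely(output_ctx == NULL)) {
        SCFree(http_ctx);
        return NULL;
    }

    http_ctx->file_ctx = ajt->file_ctx;
    http_ctx->flags = LOG_HTTP_DEFAULT;

    if (conf != NULL) {
        const char *extended = ConfNodeLookupChildValue(conf, "extended");
        if (extended != NULL && ConfValIsTrue(extended)) {
            http_ctx->flags = LOG_HTTP_EXTENDED;
        }
    }

    output_ctx->data = http_ctx;
    /* NOTE(review): no DeInit callback is registered, so nothing visible here
     * releases http_ctx or output_ctx at teardown - confirm the caller does. */
    output_ctx->DeInit = NULL;

    /* enable the logger for the app layer */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);

    return output_ctx;
}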
/**
 * \brief Initialise the IKEv2 logger as a sub-module of an existing output.
 *
 * The logger state copies the parent's file_ctx and cfg members, is wrapped
 * in a fresh OutputCtx, and a logger for ALPROTO_IKEV2 is registered on UDP.
 *
 * \param conf       Configuration node of this logger (not read here).
 * \param parent_ctx Parent output context; its data member is read as an
 *                   OutputJsonCtx and is dereferenced without a NULL check.
 *
 * \return An OutputInitResult whose ok member is true and whose ctx member
 *         is the new OutputCtx on success; { NULL, false } on allocation
 *         failure.
 */
static OutputInitResult OutputIKEv2LogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    OutputInitResult result = { NULL, false };
    OutputJsonCtx *parent = parent_ctx->data;

    LogIKEv2FileCtx *ike_ctx = SCCalloc(1, sizeof(*ike_ctx));
    if (unlikely(ike_ctx == NULL))
        return result;

    ike_ctx->cfg = parent->cfg;
    ike_ctx->file_ctx = parent->file_ctx;

    OutputCtx *sub_ctx = SCCalloc(1, sizeof(*sub_ctx));
    if (unlikely(sub_ctx == NULL)) {
        SCFree(ike_ctx);
        return result;
    }
    sub_ctx->DeInit = OutputIKEv2LogDeInitCtxSub;
    sub_ctx->data = ike_ctx;

    SCLogDebug("IKEv2 log sub-module initialized.");

    AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKEV2);

    result.ok = true;
    result.ctx = sub_ctx;
    return result;
}
/**
 * \brief Shared initialiser for a JSON log output bound to one app protocol.
 *
 * Opens a log file context, allocates the DBJsonLogCtx state and registers a
 * logger for \a proto over TCP.
 *
 * \param conf     Configuration node of this logger.
 * \param proto    App-layer protocol to register the logger for.
 * \param dft_name File name handed to SCConfLogOpenGeneric() as the default.
 *
 * \retval NULL on any failure (everything allocated so far is released),
 *         otherwise the new OutputCtx.
 */
static OutputCtx *InitCtx(ConfNode *conf, AppProto proto, const char *dft_name)
{
    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogError(SC_ERR_JONS_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, log_file, dft_name) < 0) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    DBJsonLogCtx *state = SCCalloc(sizeof(*state), 1);
    if (unlikely(state == NULL)) {
        LogFileFreeCtx(log_file);
        return NULL;
    }
    state->ctx = log_file;

    OutputCtx *out = SCCalloc(1, sizeof(*out));
    if (unlikely(out == NULL)) {
        LogFileFreeCtx(log_file);
        SCFree(state);
        return NULL;
    }
    out->DeInit = DeinitCtx;
    out->data = state;

    SCLogDebug("log output initialized");

    AppLayerParserRegisterLogger(IPPROTO_TCP, proto);

    return out;
}
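/**
 * \brief Initialise the TLS logger as a sub-module of an existing output.
 *
 * The logger state reuses the parent's file_ctx pointer. The "extended"
 * child of \a conf, when present and true, selects LOG_TLS_EXTENDED;
 * otherwise LOG_TLS_DEFAULT is used.
 *
 * \param conf       Configuration node of this logger; may be NULL.
 * \param parent_ctx Parent output context; its data member is read as an
 *                   OutputJsonCtx and is dereferenced without a NULL check.
 *
 * \retval NULL on allocation failure, otherwise the new OutputCtx.
 */
OutputCtx *OutputTlsLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    OutputJsonCtx *ojc = parent_ctx->data;

    /* Zero-filled allocation: only file_ctx and flags are assigned below, so
     * any other OutputTlsCtx member would otherwise hold indeterminate heap
     * contents. */
    OutputTlsCtx *tls_ctx = SCCalloc(1, sizeof(*tls_ctx));
    if (unlikely(tls_ctx == NULL))
        return NULL;

    OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
    if (unlikely(output_ctx == NULL)) {
        SCFree(tls_ctx);
        return NULL;
    }

    tls_ctx->file_ctx = ojc->file_ctx;
    tls_ctx->flags = LOG_TLS_DEFAULT;

    if (conf != NULL) {
        const char *extended = ConfNodeLookupChildValue(conf, "extended");
        if (extended != NULL && ConfValIsTrue(extended)) {
            tls_ctx->flags = LOG_TLS_EXTENDED;
        }
    }

    output_ctx->data = tls_ctx;
    output_ctx->DeInit = OutputTlsLogDeinitSub;

    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);

    return output_ctx;
}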
/**
 * \brief Create the output context for the TLS log.
 *
 * Refuses to start when OutputTlsLoggerEnable() reports that a 'tls' logger
 * is already enabled. Otherwise opens the log file, allocates the logger
 * state, derives its flags from the "extended" setting and registers a
 * logger for ALPROTO_TLS over TCP.
 *
 * \param conf Pointer to ConfNode containing this logger's configuration.
 *             NOTE(review): handed to ConfNodeLookupChildValue() without a
 *             NULL check - confirm callers never pass NULL.
 *
 * \retval NULL on failure, otherwise the new OutputCtx whose data member is
 *         the LogTlsFileCtx.
 */
static OutputCtx *LogTlsLogInitCtx(ConfNode *conf)
{
    if (OutputTlsLoggerEnable() != 0) {
        SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'tls' logger "
                   "can be enabled");
        return NULL;
    }

    /* NOTE(review): the failure paths below do not visibly undo the
     * OutputTlsLoggerEnable() call above - confirm that is intended. */
    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogError(SC_ERR_TLS_LOG_GENERIC, "LogTlsLogInitCtx: Couldn't "
                   "create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, log_file, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    LogTlsFileCtx *state = SCCalloc(1, sizeof(LogTlsFileCtx));
    if (unlikely(state == NULL)) {
        LogFileFreeCtx(log_file);
        return NULL;
    }
    state->file_ctx = log_file;

    /* An "extended" value that is present but not true sets neither flag. */
    const char *extended = ConfNodeLookupChildValue(conf, "extended");
    if (extended == NULL) {
        state->flags |= LOG_TLS_DEFAULT;
    } else if (ConfValIsTrue(extended)) {
        state->flags |= LOG_TLS_EXTENDED;
    }

    OutputCtx *out = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(out == NULL)) {
        SCFree(state);
        LogFileFreeCtx(log_file);
        return NULL;
    }
    out->DeInit = LogTlsLogDeInitCtx;
    out->data = state;

    SCLogDebug("TLS log output initialized");

    /* enable the logger for the app layer */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);

    return out;
}
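/**
 * \brief Create the output context for the stand-alone HTTP logger.
 *
 * Opens its own log file context, allocates the logger state and registers
 * a logger for ALPROTO_HTTP over TCP. The "extended" child of \a conf, when
 * present and true, selects LOG_HTTP_EXTENDED; otherwise LOG_HTTP_DEFAULT.
 *
 * \param conf Configuration node of this logger.
 *
 * \retval NULL on any failure (everything allocated so far is released),
 *         otherwise the new OutputCtx.
 */
OutputCtx *OutputHttpLogInit(ConfNode *conf)
{
    LogFileCtx *file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    /* Zero-filled allocation: only file_ctx and flags are assigned below, so
     * any other LogHttpFileCtx member would otherwise hold indeterminate
     * heap contents. */
    LogHttpFileCtx *http_ctx = SCCalloc(1, sizeof(*http_ctx));
    if (unlikely(http_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
    if (unlikely(output_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        SCFree(http_ctx);
        return NULL;
    }

    http_ctx->file_ctx = file_ctx;
    http_ctx->flags = LOG_HTTP_DEFAULT;

    if (conf != NULL) {
        const char *extended = ConfNodeLookupChildValue(conf, "extended");
        if (extended != NULL && ConfValIsTrue(extended)) {
            http_ctx->flags = LOG_HTTP_EXTENDED;
        }
    }

    output_ctx->data = http_ctx;
    /* NOTE(review): no DeInit callback is registered, so nothing visible here
     * releases file_ctx, http_ctx or output_ctx at teardown - confirm the
     * caller does. */
    output_ctx->DeInit = NULL;

    /* enable the logger for the app layer */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);

    return output_ctx;
}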
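/**
 * \brief Create the output context for the stand-alone TLS logger.
 *
 * Opens its own log file context, allocates the logger state and registers
 * a logger for ALPROTO_TLS over TCP. The "extended" child of \a conf, when
 * present and true, selects LOG_TLS_EXTENDED; otherwise LOG_TLS_DEFAULT.
 *
 * \param conf Configuration node of this logger.
 *
 * \retval NULL on any failure (everything allocated so far is released),
 *         otherwise the new OutputCtx.
 */
OutputCtx *OutputTlsLogInit(ConfNode *conf)
{
    LogFileCtx *file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_TLS_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    /* Zero-filled allocation: only file_ctx and flags are assigned below, so
     * any other OutputTlsCtx member would otherwise hold indeterminate heap
     * contents. */
    OutputTlsCtx *tls_ctx = SCCalloc(1, sizeof(*tls_ctx));
    if (unlikely(tls_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
    if (unlikely(output_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        SCFree(tls_ctx);
        return NULL;
    }

    tls_ctx->file_ctx = file_ctx;
    tls_ctx->flags = LOG_TLS_DEFAULT;

    if (conf != NULL) {
        const char *extended = ConfNodeLookupChildValue(conf, "extended");
        if (extended != NULL && ConfValIsTrue(extended)) {
            tls_ctx->flags = LOG_TLS_EXTENDED;
        }
    }

    output_ctx->data = tls_ctx;
    output_ctx->DeInit = OutputTlsLogDeinit;

    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);

    return output_ctx;
}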
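/**
 * \brief Create the output context for the HTTP log, parsing an optional
 *        custom log format string from the configuration.
 *
 * When "custom" is true and "customformat" is set, the format string is
 * split into at most LOG_HTTP_MAXN_NODES-1 nodes: literal text, and
 * '%'-introduced specifiers with an optional "[maxlen]" prefix and an
 * optional "{argument}". Otherwise the "extended" setting selects between
 * LOG_HTTP_DEFAULT and LOG_HTTP_EXTENDED.
 *
 * The format string comes from the configuration file, but it is still
 * parsed defensively: every copy into a node is bounded and the parser never
 * steps past the terminating NUL.
 *
 * \param conf Pointer to ConfNode containing this logger's configuration.
 *
 * \retval NULL on failure (allocation failure or a malformed format string;
 *         everything allocated so far is released), otherwise the new
 *         OutputCtx whose data member is the LogHttpFileCtx.
 */
OutputCtx *LogHttpLogInitCtx(ConfNode *conf)
{
    LogFileCtx *file_ctx = LogFileNewCtx();
    const char *p, *np;
    uint32_t n;

    if (file_ctx == NULL) {
        SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    LogHttpFileCtx *httplog_ctx = SCMalloc(sizeof(LogHttpFileCtx));
    if (unlikely(httplog_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }
    memset(httplog_ctx, 0x00, sizeof(LogHttpFileCtx));

    httplog_ctx->file_ctx = file_ctx;
    httplog_ctx->cf_n = 0;

    const char *extended = ConfNodeLookupChildValue(conf, "extended");
    const char *custom = ConfNodeLookupChildValue(conf, "custom");
    const char *customformat = ConfNodeLookupChildValue(conf, "customformat");

    /* If custom logging format is selected, lets parse it */
    if (custom != NULL && customformat != NULL && ConfValIsTrue(custom)) {
        p = customformat;
        httplog_ctx->flags |= LOG_HTTP_CUSTOM;

        /* Format text left over once the node limit is reached is ignored. */
        for (httplog_ctx->cf_n = 0;
             httplog_ctx->cf_n < LOG_HTTP_MAXN_NODES - 1 && p && *p != '\0';
             httplog_ctx->cf_n++) {
            LogHttpCustomFormatNode *node = SCMalloc(sizeof(LogHttpCustomFormatNode));
            httplog_ctx->cf_nodes[httplog_ctx->cf_n] = node;
            if (node == NULL) {
                /* Nothing to release at index cf_n; the earlier nodes are
                 * freed by the common cleanup. */
                goto errorfree;
            }
            node->maxlen = 0;

            if (*p != '%') {
                /* Literal found in format string */
                node->type = LOG_HTTP_CF_LITERAL;
                np = strchr(p, '%');
                /* Bound the copy in both cases. A literal longer than the
                 * limit is truncated, whether it runs to the end of the
                 * string or to the next '%'; an unbounded np - p here would
                 * write past node->data.
                 * NOTE(review): assumes data holds LOG_HTTP_NODE_STRLEN
                 * bytes, as the '{' branch's own bound suggests - confirm
                 * against the struct definition. */
                n = LOG_HTTP_NODE_STRLEN - 2;
                if (np != NULL && (size_t)(np - p) < (size_t)n) {
                    n = (uint32_t)(np - p);
                }
                strlcpy(node->data, p, n + 1);
                p = np; /* NULL when no further '%' exists: ends the loop */
            } else {
                /* Non Literal found in format string */
                p++;
                if (*p == '[') {
                    /* Check if maxlength has been specified (ie: [25]) */
                    p++;
                    np = strchr(p, ']');
                    if (np == NULL || np - p <= 0 || np - p >= 10) {
                        goto parsererror;
                    }
                    long maxlen = strtol(p, NULL, 10);
                    /* Out-of-range values are ignored and maxlen stays 0. */
                    if (maxlen > 0 && maxlen < LOG_HTTP_NODE_MAXOUTPUTLEN) {
                        node->maxlen = (uint32_t)maxlen;
                    }
                    p = np + 1;
                }
                if (*p == '{') {
                    /* Simple format char */
                    np = strchr(p, '}');
                    if (np == NULL || np - p <= 1 || np - p >= LOG_HTTP_NODE_STRLEN - 2) {
                        goto parsererror;
                    }
                    p++;
                    n = (uint32_t)(np - p);
                    strlcpy(node->data, p, n + 1);
                    p = np + 1;
                } else {
                    node->data[0] = '\0';
                }
                /* A specifier that stops at the end of the string ("...%",
                 * "...%[5]", "...%{x}") has no type character. Reject it:
                 * consuming the NUL as the type would move p past the end of
                 * the buffer and the loop condition would then read out of
                 * bounds. */
                if (*p == '\0') {
                    goto parsererror;
                }
                node->type = *p;
                if (*p == '%') {
                    node->type = LOG_HTTP_CF_LITERAL;
                    strlcpy(node->data, "%", 2);
                }
                p++;
            }
        }
    } else {
        if (extended == NULL) {
            httplog_ctx->flags |= LOG_HTTP_DEFAULT;
        } else if (ConfValIsTrue(extended)) {
            httplog_ctx->flags |= LOG_HTTP_EXTENDED;
        }
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        /* Out of memory, not a format problem: skip the syntax-error log. */
        goto errorfree;
    }

    output_ctx->data = httplog_ctx;
    output_ctx->DeInit = LogHttpLogDeInitCtx;

    SCLogDebug("HTTP log output initialized");

    /* enable the logger for the app layer */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);

    return output_ctx;

parsererror:
    /* Only reached from inside the parse loop, where the node at index cf_n
     * is allocated but not yet counted by cf_n; release it here so the
     * cleanup loop below does not leak it. */
    SCFree(httplog_ctx->cf_nodes[httplog_ctx->cf_n]);
    SCLogError(SC_ERR_INVALID_ARGUMENT,"Syntax error in custom http log format string.");
errorfree:
    for (n = 0; n < httplog_ctx->cf_n; n++) {
        SCFree(httplog_ctx->cf_nodes[n]);
    }
    LogFileFreeCtx(file_ctx);
    SCFree(httplog_ctx);
    return NULL;
}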
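/**
 * \brief Create the output context for the HTTP log.
 *
 * When "custom" is true and "customformat" is set, the format string is
 * handed to LogCustomFormatParse(); otherwise the "extended" setting selects
 * between LOG_HTTP_DEFAULT and LOG_HTTP_EXTENDED. On success a logger for
 * ALPROTO_HTTP is registered over TCP.
 *
 * \param conf Pointer to ConfNode containing this logger's configuration.
 *
 * \retval NULL on failure (everything allocated so far is released),
 *         otherwise the new OutputCtx whose data member is the
 *         LogHttpFileCtx.
 */
OutputCtx *LogHttpLogInitCtx(ConfNode *conf)
{
    LogFileCtx *file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    LogHttpFileCtx *httplog_ctx = SCMalloc(sizeof(LogHttpFileCtx));
    if (unlikely(httplog_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }
    /* Zeroing leaves httplog_ctx->cf NULL until a custom format is allocated. */
    memset(httplog_ctx, 0x00, sizeof(LogHttpFileCtx));

    httplog_ctx->file_ctx = file_ctx;

    const char *extended = ConfNodeLookupChildValue(conf, "extended");
    const char *custom = ConfNodeLookupChildValue(conf, "custom");
    const char *customformat = ConfNodeLookupChildValue(conf, "customformat");

    /* If custom logging format is selected, lets parse it */
    if (custom != NULL && customformat != NULL && ConfValIsTrue(custom)) {
        httplog_ctx->cf = LogCustomFormatAlloc();
        if (!httplog_ctx->cf) {
            goto errorfree;
        }

        httplog_ctx->flags |= LOG_HTTP_CUSTOM;

        /* Parsing */
        if (!LogCustomFormatParse(httplog_ctx->cf, customformat)) {
            goto parsererror;
        }
    } else {
        if (extended == NULL) {
            httplog_ctx->flags |= LOG_HTTP_DEFAULT;
        } else if (ConfValIsTrue(extended)) {
            httplog_ctx->flags |= LOG_HTTP_EXTENDED;
        }
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        /* Out of memory, not a format problem: skip the syntax-error log so
         * the operator is not sent looking for a mistake in a valid (or
         * absent) custom format. */
        goto errorfree;
    }

    output_ctx->data = httplog_ctx;
    output_ctx->DeInit = LogHttpLogDeInitCtx;

    SCLogDebug("HTTP log output initialized");

    /* enable the logger for the app layer */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);

    return output_ctx;

parsererror:
    SCLogError(SC_ERR_INVALID_ARGUMENT,"Syntax error in custom http log format string.");
errorfree:
    /* NOTE(review): cf is NULL here when no custom format was allocated;
     * presumably LogCustomFormatFree() accepts NULL - confirm. */
    LogCustomFormatFree(httplog_ctx->cf);
    LogFileFreeCtx(file_ctx);
    SCFree(httplog_ctx);
    return NULL;
}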