/**
* \brief Attempt to reconnect a disconnected (or never-connected) Unix domain socket.
* \retval 1 if it is now connected; otherwise 0
*/
static int SCLogUnixSocketReconnect(LogFileCtx *log_ctx)
{
int disconnected = 0;
if (log_ctx->fp) {
SCLogWarning(SC_ERR_SOCKET,
"Write error on Unix socket \"%s\": %s; reconnecting...",
log_ctx->filename, strerror(errno));
fclose(log_ctx->fp);
log_ctx->fp = NULL;
log_ctx->reconn_timer = 0;
disconnected = 1;
}
struct timeval tv;
uint64_t now;
gettimeofday(&tv, NULL);
now = (uint64_t)tv.tv_sec * 1000;
now += tv.tv_usec / 1000; /* msec resolution */
if (log_ctx->reconn_timer != 0 &&
(now - log_ctx->reconn_timer) < LOGFILE_RECONN_MIN_TIME) {
/* Don't bother to try reconnecting too often. */
return 0;
}
log_ctx->reconn_timer = now;
log_ctx->fp = SCLogOpenUnixSocketFp(log_ctx->filename, log_ctx->sock_type, 0);
if (log_ctx->fp) {
/* Connected at last (or reconnected) */
SCLogNotice("Reconnected socket \"%s\"", log_ctx->filename);
} else if (disconnected) {
SCLogWarning(SC_ERR_SOCKET, "Reconnect failed: %s (will keep trying)",
strerror(errno));
}
return log_ctx->fp ? 1 : 0;
}
/** \brief open a generic output "log file", which may be a regular file or a socket
* \param conf ConfNode structure for the output section in question
* \param log_ctx Log file context allocated by caller
* \param default_filename Default name of file to open, if not specified in ConfNode
* \retval 0 on success
* \retval -1 on error
*/
int
SCConfLogOpenGeneric(ConfNode *conf,
LogFileCtx *log_ctx,
const char *default_filename)
{
char log_path[PATH_MAX];
char *log_dir;
const char *filename, *filetype;
// Arg check
if (conf == NULL || log_ctx == NULL || default_filename == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"SCConfLogOpenGeneric(conf %p, ctx %p, default %p) "
"missing an argument",
conf, log_ctx, default_filename);
return -1;
}
if (log_ctx->fp != NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"SCConfLogOpenGeneric: previously initialized Log CTX "
"encountered");
return -1;
}
// Resolve the given config
filename = ConfNodeLookupChildValue(conf, "filename");
if (filename == NULL)
filename = default_filename;
if (ConfGet("default-log-dir", &log_dir) != 1)
log_dir = DEFAULT_LOG_DIR;
if (PathIsAbsolute(filename)) {
snprintf(log_path, PATH_MAX, "%s", filename);
} else {
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
}
filetype = ConfNodeLookupChildValue(conf, "filetype");
if (filetype == NULL)
filetype = DEFAULT_LOG_FILETYPE;
#ifdef __tile__
log_ctx->filetype = regular;
#endif
// Now, what have we been asked to open?
if (strcasecmp(filetype, "unix_stream") == 0) {
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_STREAM);
#ifdef __tile__
log_ctx->filetype = unix_stream;
#endif
} else if (strcasecmp(filetype, "unix_dgram") == 0) {
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_DGRAM);
#ifdef __tile__
log_ctx->filetype = unix_dgram;
#endif
} else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0) {
const char *append;
append = ConfNodeLookupChildValue(conf, "append");
if (append == NULL)
append = DEFAULT_LOG_MODE_APPEND;
log_ctx->fp = SCLogOpenFileFp(log_path, append);
#ifdef __tile__
} else if (strcasecmp(filetype, "tile_pcie") == 0) {
const char *append;
append = ConfNodeLookupChildValue(conf, "append");
if (append == NULL)
append = DEFAULT_LOG_MODE_APPEND;
log_ctx->pcie_ctx = SCLogOpenPcieFileFp(log_path, append);
log_ctx->filetype = tile_pcie;
#endif
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
"%s.type. Expected \"regular\" (default), \"unix_stream\" "
"or \"unix_dgram\"",
conf->name);
}
#ifdef __tile__
if (log_ctx->filetype == tile_pcie) {
if (log_ctx->pcie_ctx == NULL)
return -1; // Error already logged by Open...Fp routine
} else {
if (log_ctx->fp == NULL)
return -1; // Error already logged by Open...Fp routine
}
#else
if (log_ctx->fp == NULL)
return -1; // Error already logged by Open...Fp routine
#endif
SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype,
filename);
return 0;
}
/** \brief open a generic output "log file", which may be a regular file or a socket
* \param conf ConfNode structure for the output section in question
* \param log_ctx Log file context allocated by caller
* \param default_filename Default name of file to open, if not specified in ConfNode
* \param rotate Register the file for rotation in HUP.
* \retval 0 on success
* \retval -1 on error
*/
int
SCConfLogOpenGeneric(ConfNode *conf,
LogFileCtx *log_ctx,
const char *default_filename,
int rotate)
{
char log_path[PATH_MAX];
char *log_dir;
const char *filename, *filetype;
// Arg check
if (conf == NULL || log_ctx == NULL || default_filename == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"SCConfLogOpenGeneric(conf %p, ctx %p, default %p) "
"missing an argument",
conf, log_ctx, default_filename);
return -1;
}
if (log_ctx->fp != NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"SCConfLogOpenGeneric: previously initialized Log CTX "
"encountered");
return -1;
}
// Resolve the given config
filename = ConfNodeLookupChildValue(conf, "filename");
if (filename == NULL)
filename = default_filename;
log_dir = ConfigGetLogDirectory();
if (PathIsAbsolute(filename)) {
snprintf(log_path, PATH_MAX, "%s", filename);
} else {
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
}
filetype = ConfNodeLookupChildValue(conf, "filetype");
if (filetype == NULL)
filetype = DEFAULT_LOG_FILETYPE;
const char *append = ConfNodeLookupChildValue(conf, "append");
if (append == NULL)
append = DEFAULT_LOG_MODE_APPEND;
// Now, what have we been asked to open?
if (strcasecmp(filetype, "unix_stream") == 0) {
/* Don't bail. May be able to connect later. */
log_ctx->is_sock = 1;
log_ctx->sock_type = SOCK_STREAM;
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_STREAM, 1);
} else if (strcasecmp(filetype, "unix_dgram") == 0) {
/* Don't bail. May be able to connect later. */
log_ctx->is_sock = 1;
log_ctx->sock_type = SOCK_DGRAM;
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_DGRAM, 1);
} else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0 ||
strcasecmp(filetype, "file") == 0) {
log_ctx->fp = SCLogOpenFileFp(log_path, append);
if (log_ctx->fp == NULL)
return -1; // Error already logged by Open...Fp routine
log_ctx->is_regular = 1;
if (rotate) {
OutputRegisterFileRotationFlag(&log_ctx->rotation_flag);
}
} else if (strcasecmp(filetype, "pcie") == 0) {
log_ctx->pcie_fp = SCLogOpenPcieFp(log_ctx, log_path, append);
if (log_ctx->pcie_fp == NULL)
return -1; // Error already logged by Open...Fp routine
#ifdef HAVE_LIBHIREDIS
} else if (strcasecmp(filetype, "redis") == 0) {
ConfNode *redis_node = ConfNodeLookupChild(conf, "redis");
if (SCConfLogOpenRedis(redis_node, log_ctx) < 0) {
SCLogError(SC_ERR_REDIS, "failed to open redis output");
return -1;
}
log_ctx->type = LOGFILE_TYPE_REDIS;
#endif
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
"%s.filetype. Expected \"regular\" (default), \"unix_stream\", "
"\"pcie\" "
"or \"unix_dgram\"",
conf->name);
}
log_ctx->filename = SCStrdup(log_path);
if (unlikely(log_ctx->filename == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC,
"Failed to allocate memory for filename");
return -1;
}
SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype,
filename);
return 0;
}
/** \brief open a generic output "log file", which may be a regular file or a socket
* \param conf ConfNode structure for the output section in question
* \param log_ctx Log file context allocated by caller
* \param default_filename Default name of file to open, if not specified in ConfNode
* \param rotate Register the file for rotation in HUP.
* \retval 0 on success
* \retval -1 on error
*/
int
SCConfLogOpenGeneric(ConfNode *conf,
LogFileCtx *log_ctx,
const char *default_filename,
int rotate)
{
char log_path[PATH_MAX];
const char *log_dir;
const char *filename, *filetype;
// Arg check
if (conf == NULL || log_ctx == NULL || default_filename == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"SCConfLogOpenGeneric(conf %p, ctx %p, default %p) "
"missing an argument",
conf, log_ctx, default_filename);
return -1;
}
if (log_ctx->fp != NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"SCConfLogOpenGeneric: previously initialized Log CTX "
"encountered");
return -1;
}
// Resolve the given config
filename = ConfNodeLookupChildValue(conf, "filename");
if (filename == NULL)
filename = default_filename;
log_dir = ConfigGetLogDirectory();
if (PathIsAbsolute(filename)) {
snprintf(log_path, PATH_MAX, "%s", filename);
} else {
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
}
/* Rotate log file based on time */
const char *rotate_int = ConfNodeLookupChildValue(conf, "rotate-interval");
if (rotate_int != NULL) {
time_t now = time(NULL);
log_ctx->flags |= LOGFILE_ROTATE_INTERVAL;
/* Use a specific time */
if (strcmp(rotate_int, "minute") == 0) {
log_ctx->rotate_time = now + SCGetSecondsUntil(rotate_int, now);
log_ctx->rotate_interval = 60;
} else if (strcmp(rotate_int, "hour") == 0) {
log_ctx->rotate_time = now + SCGetSecondsUntil(rotate_int, now);
log_ctx->rotate_interval = 3600;
} else if (strcmp(rotate_int, "day") == 0) {
log_ctx->rotate_time = now + SCGetSecondsUntil(rotate_int, now);
log_ctx->rotate_interval = 86400;
}
/* Use a timer */
else {
log_ctx->rotate_interval = SCParseTimeSizeString(rotate_int);
if (log_ctx->rotate_interval == 0) {
SCLogError(SC_ERR_INVALID_NUMERIC_VALUE,
"invalid rotate-interval value");
exit(EXIT_FAILURE);
}
log_ctx->rotate_time = now + log_ctx->rotate_interval;
}
}
filetype = ConfNodeLookupChildValue(conf, "filetype");
if (filetype == NULL)
filetype = DEFAULT_LOG_FILETYPE;
const char *filemode = ConfNodeLookupChildValue(conf, "filemode");
uint32_t mode = 0;
if (filemode != NULL &&
ByteExtractStringUint32(&mode, 8, strlen(filemode),
filemode) > 0) {
log_ctx->filemode = mode;
}
const char *append = ConfNodeLookupChildValue(conf, "append");
if (append == NULL)
append = DEFAULT_LOG_MODE_APPEND;
/* JSON flags */
#ifdef HAVE_LIBJANSSON
log_ctx->json_flags = JSON_PRESERVE_ORDER|JSON_COMPACT|
JSON_ENSURE_ASCII|JSON_ESCAPE_SLASH;
ConfNode *json_flags = ConfNodeLookupChild(conf, "json");
if (json_flags != 0) {
const char *preserve_order = ConfNodeLookupChildValue(json_flags,
"preserve-order");
if (preserve_order != NULL && ConfValIsFalse(preserve_order))
log_ctx->json_flags &= ~(JSON_PRESERVE_ORDER);
const char *compact = ConfNodeLookupChildValue(json_flags, "compact");
if (compact != NULL && ConfValIsFalse(compact))
log_ctx->json_flags &= ~(JSON_COMPACT);
const char *ensure_ascii = ConfNodeLookupChildValue(json_flags,
"ensure-ascii");
if (ensure_ascii != NULL && ConfValIsFalse(ensure_ascii))
log_ctx->json_flags &= ~(JSON_ENSURE_ASCII);
const char *escape_slash = ConfNodeLookupChildValue(json_flags,
"escape-slash");
if (escape_slash != NULL && ConfValIsFalse(escape_slash))
log_ctx->json_flags &= ~(JSON_ESCAPE_SLASH);
}
#endif /* HAVE_LIBJANSSON */
// Now, what have we been asked to open?
if (strcasecmp(filetype, "unix_stream") == 0) {
#ifdef BUILD_WITH_UNIXSOCKET
/* Don't bail. May be able to connect later. */
log_ctx->is_sock = 1;
log_ctx->sock_type = SOCK_STREAM;
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_STREAM, 1);
#else
return -1;
#endif
} else if (strcasecmp(filetype, "unix_dgram") == 0) {
#ifdef BUILD_WITH_UNIXSOCKET
/* Don't bail. May be able to connect later. */
log_ctx->is_sock = 1;
log_ctx->sock_type = SOCK_DGRAM;
log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_DGRAM, 1);
#else
return -1;
#endif
} else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0 ||
strcasecmp(filetype, "file") == 0) {
log_ctx->fp = SCLogOpenFileFp(log_path, append, log_ctx->filemode);
if (log_ctx->fp == NULL)
return -1; // Error already logged by Open...Fp routine
log_ctx->is_regular = 1;
if (rotate) {
OutputRegisterFileRotationFlag(&log_ctx->rotation_flag);
}
} else if (strcasecmp(filetype, "pcie") == 0) {
log_ctx->pcie_fp = SCLogOpenPcieFp(log_ctx, log_path, append);
if (log_ctx->pcie_fp == NULL)
return -1; // Error already logged by Open...Fp routine
#ifdef HAVE_LIBHIREDIS
} else if (strcasecmp(filetype, "redis") == 0) {
ConfNode *redis_node = ConfNodeLookupChild(conf, "redis");
if (SCConfLogOpenRedis(redis_node, log_ctx) < 0) {
SCLogError(SC_ERR_REDIS, "failed to open redis output");
return -1;
}
log_ctx->type = LOGFILE_TYPE_REDIS;
#endif
} else {
SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
"%s.filetype. Expected \"regular\" (default), \"unix_stream\", "
"\"pcie\" "
"or \"unix_dgram\"",
conf->name);
}
log_ctx->filename = SCStrdup(log_path);
if (unlikely(log_ctx->filename == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC,
"Failed to allocate memory for filename");
return -1;
}
#ifdef BUILD_WITH_UNIXSOCKET
/* If a socket and running live, do non-blocking writes. */
if (log_ctx->is_sock && run_mode_offline == 0) {
SCLogInfo("Setting logging socket of non-blocking in live mode.");
log_ctx->send_flags |= MSG_DONTWAIT;
}
#endif
SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype,
filename);
return 0;
}
