static OutputCtx *OutputNFSLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
AlertJsonThread *ajt = parent_ctx->data;
LogNFSFileCtx *nfslog_ctx = SCCalloc(1, sizeof(*nfslog_ctx));
if (unlikely(nfslog_ctx == NULL)) {
return NULL;
}
nfslog_ctx->file_ctx = ajt->file_ctx;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
SCFree(nfslog_ctx);
return NULL;
}
output_ctx->data = nfslog_ctx;
output_ctx->DeInit = OutputNFSLogDeInitCtxSub;
SCLogDebug("NFS log sub-module initialized.");
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_NFS);
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_NFS);
return output_ctx;
}
static OutputCtx *JsonMSSqlLogInitCtx(ConfNode *cn) {
static char default_11g_log_filename[] = "mssql.json";
LogFileCtx *file_ctx = LogFileNewCtx();
if (!file_ctx) {
SCLogError(SC_ERR_MSSQL_LOG_GENERIC, "could not create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(cn, file_ctx, default_11g_log_filename)) {
LogFileFreeCtx(file_ctx);
return NULL;
}
LogMSSqlFileCtx *mssqllog_ctx = SCCalloc(sizeof(*mssqllog_ctx), 1);
if (unlikely(!mssqllog_ctx )) {
LogFileFreeCtx(file_ctx);
return NULL;
}
mssqllog_ctx->file_ctx = file_ctx;
OutputCtx *octx = SCCalloc(1, sizeof(*octx));
if (unlikely(!octx)) {
LogFileFreeCtx(file_ctx);
SCFree(mssqllog_ctx);
return NULL;
}
octx->data = mssqllog_ctx;
octx->DeInit = LogMSSqlLogDeinitCtx;
SCLogDebug("mssql json log output initialized");
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MSSQL);
return octx;
}
OutputCtx *OutputHttpLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
AlertJsonThread *ajt = parent_ctx->data;
LogHttpFileCtx *http_ctx = SCMalloc(sizeof(LogHttpFileCtx));
if (unlikely(http_ctx == NULL))
return NULL;
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
SCFree(http_ctx);
return NULL;
}
http_ctx->file_ctx = ajt->file_ctx;
http_ctx->flags = LOG_HTTP_DEFAULT;
if (conf) {
const char *extended = ConfNodeLookupChildValue(conf, "extended");
if (extended != NULL) {
if (ConfValIsTrue(extended)) {
http_ctx->flags = LOG_HTTP_EXTENDED;
}
}
}
output_ctx->data = http_ctx;
output_ctx->DeInit = NULL;
/* enable the logger for the app layer */
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);
return output_ctx;
}
static OutputInitResult OutputIKEv2LogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
OutputInitResult result = { NULL, false };
OutputJsonCtx *ajt = parent_ctx->data;
LogIKEv2FileCtx *ikev2log_ctx = SCCalloc(1, sizeof(*ikev2log_ctx));
if (unlikely(ikev2log_ctx == NULL)) {
return result;
}
ikev2log_ctx->file_ctx = ajt->file_ctx;
ikev2log_ctx->cfg = ajt->cfg;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
SCFree(ikev2log_ctx);
return result;
}
output_ctx->data = ikev2log_ctx;
output_ctx->DeInit = OutputIKEv2LogDeInitCtxSub;
SCLogDebug("IKEv2 log sub-module initialized.");
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_IKEV2);
result.ctx = output_ctx;
result.ok = true;
return result;
}
static OutputCtx *InitCtx(ConfNode *conf, AppProto proto, const char *dft_name) {
LogFileCtx *ctx = LogFileNewCtx();
if (ctx == NULL) {
SCLogError(SC_ERR_JONS_LOG_GENERIC, "couldn't create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(conf, ctx, dft_name) < 0) {
LogFileFreeCtx(ctx);
return NULL;
}
DBJsonLogCtx *jctx = SCCalloc(sizeof(*jctx) , 1);
if (unlikely(jctx == NULL)) {
LogFileFreeCtx(ctx);
return NULL;
}
jctx->ctx = ctx;
OutputCtx *octx = SCCalloc(1, sizeof(*octx));
if (unlikely(octx == NULL)) {
LogFileFreeCtx(ctx);
SCFree(jctx);
return NULL;
}
octx->data = jctx;
octx->DeInit = DeinitCtx;
SCLogDebug("log output initialized");
AppLayerParserRegisterLogger(IPPROTO_TCP, proto);
return octx;
}
OutputCtx *OutputTlsLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
OutputJsonCtx *ojc = parent_ctx->data;
OutputTlsCtx *tls_ctx = SCMalloc(sizeof(OutputTlsCtx));
if (unlikely(tls_ctx == NULL))
return NULL;
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
SCFree(tls_ctx);
return NULL;
}
tls_ctx->file_ctx = ojc->file_ctx;
tls_ctx->flags = LOG_TLS_DEFAULT;
if (conf) {
const char *extended = ConfNodeLookupChildValue(conf, "extended");
if (extended != NULL) {
if (ConfValIsTrue(extended)) {
tls_ctx->flags = LOG_TLS_EXTENDED;
}
}
}
output_ctx->data = tls_ctx;
output_ctx->DeInit = OutputTlsLogDeinitSub;
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
return output_ctx;
}
/** \brief Create a new tls log LogFileCtx.
* \param conf Pointer to ConfNode containing this loggers configuration.
* \return NULL if failure, LogFileCtx* to the file_ctx if succesful
* */
static OutputCtx *LogTlsLogInitCtx(ConfNode *conf)
{
if (OutputTlsLoggerEnable() != 0) {
SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'tls' logger "
"can be enabled");
return NULL;
}
LogFileCtx* file_ctx = LogFileNewCtx();
if (file_ctx == NULL) {
SCLogError(SC_ERR_TLS_LOG_GENERIC, "LogTlsLogInitCtx: Couldn't "
"create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
goto filectx_error;
}
LogTlsFileCtx *tlslog_ctx = SCCalloc(1, sizeof(LogTlsFileCtx));
if (unlikely(tlslog_ctx == NULL))
goto filectx_error;
tlslog_ctx->file_ctx = file_ctx;
const char *extended = ConfNodeLookupChildValue(conf, "extended");
if (extended == NULL) {
tlslog_ctx->flags |= LOG_TLS_DEFAULT;
} else {
if (ConfValIsTrue(extended)) {
tlslog_ctx->flags |= LOG_TLS_EXTENDED;
}
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL))
goto tlslog_error;
output_ctx->data = tlslog_ctx;
output_ctx->DeInit = LogTlsLogDeInitCtx;
SCLogDebug("TLS log output initialized");
/* enable the logger for the app layer */
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
return output_ctx;
tlslog_error:
SCFree(tlslog_ctx);
filectx_error:
LogFileFreeCtx(file_ctx);
return NULL;
}
OutputCtx *OutputHttpLogInit(ConfNode *conf)
{
LogFileCtx *file_ctx = LogFileNewCtx();
if(file_ctx == NULL) {
SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) {
LogFileFreeCtx(file_ctx);
return NULL;
}
LogHttpFileCtx *http_ctx = SCMalloc(sizeof(LogHttpFileCtx));
if (unlikely(http_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
return NULL;
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
SCFree(http_ctx);
return NULL;
}
http_ctx->file_ctx = file_ctx;
http_ctx->flags = LOG_HTTP_DEFAULT;
if (conf) {
const char *extended = ConfNodeLookupChildValue(conf, "extended");
if (extended != NULL) {
if (ConfValIsTrue(extended)) {
http_ctx->flags = LOG_HTTP_EXTENDED;
}
}
}
output_ctx->data = http_ctx;
output_ctx->DeInit = NULL;
/* enable the logger for the app layer */
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);
return output_ctx;
}
OutputCtx *OutputTlsLogInit(ConfNode *conf)
{
LogFileCtx *file_ctx = LogFileNewCtx();
if(file_ctx == NULL) {
SCLogError(SC_ERR_TLS_LOG_GENERIC, "couldn't create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
LogFileFreeCtx(file_ctx);
return NULL;
}
OutputTlsCtx *tls_ctx = SCMalloc(sizeof(OutputTlsCtx));
if (unlikely(tls_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
return NULL;
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
SCFree(tls_ctx);
return NULL;
}
tls_ctx->file_ctx = file_ctx;
tls_ctx->flags = LOG_TLS_DEFAULT;
if (conf) {
const char *extended = ConfNodeLookupChildValue(conf, "extended");
if (extended != NULL) {
if (ConfValIsTrue(extended)) {
tls_ctx->flags = LOG_TLS_EXTENDED;
}
}
}
output_ctx->data = tls_ctx;
output_ctx->DeInit = OutputTlsLogDeinit;
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
return output_ctx;
}
/** \brief Create a new http log LogFileCtx.
* \param conf Pointer to ConfNode containing this loggers configuration.
* \return NULL if failure, LogFileCtx* to the file_ctx if succesful
* */
OutputCtx *LogHttpLogInitCtx(ConfNode *conf)
{
LogFileCtx* file_ctx = LogFileNewCtx();
const char *p, *np;
uint32_t n;
if(file_ctx == NULL) {
SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
LogFileFreeCtx(file_ctx);
return NULL;
}
LogHttpFileCtx *httplog_ctx = SCMalloc(sizeof(LogHttpFileCtx));
if (unlikely(httplog_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
return NULL;
}
memset(httplog_ctx, 0x00, sizeof(LogHttpFileCtx));
httplog_ctx->file_ctx = file_ctx;
httplog_ctx->cf_n=0;
const char *extended = ConfNodeLookupChildValue(conf, "extended");
const char *custom = ConfNodeLookupChildValue(conf, "custom");
const char *customformat = ConfNodeLookupChildValue(conf, "customformat");
/* If custom logging format is selected, lets parse it */
if (custom != NULL && customformat != NULL && ConfValIsTrue(custom)) {
p=customformat;
httplog_ctx->flags |= LOG_HTTP_CUSTOM;
for (httplog_ctx->cf_n = 0; httplog_ctx->cf_n < LOG_HTTP_MAXN_NODES-1 && p && *p != '\0';
httplog_ctx->cf_n++){
httplog_ctx->cf_nodes[httplog_ctx->cf_n] = SCMalloc(sizeof(LogHttpCustomFormatNode));
if (httplog_ctx->cf_nodes[httplog_ctx->cf_n] == NULL) {
for (n = 0; n < httplog_ctx->cf_n; n++) {
SCFree(httplog_ctx->cf_nodes[n]);
}
LogFileFreeCtx(file_ctx);
SCFree(httplog_ctx);
return NULL;
}
httplog_ctx->cf_nodes[httplog_ctx->cf_n]->maxlen = 0;
if (*p != '%'){
/* Literal found in format string */
httplog_ctx->cf_nodes[httplog_ctx->cf_n]->type = LOG_HTTP_CF_LITERAL;
np = strchr(p, '%');
if (np == NULL){
n = LOG_HTTP_NODE_STRLEN-2;
np = NULL; /* End */
}else{
n = np-p;
}
strlcpy(httplog_ctx->cf_nodes[httplog_ctx->cf_n]->data,p,n+1);
p = np;
} else {
/* Non Literal found in format string */
p++;
if (*p == '[') { /* Check if maxlength has been specified (ie: [25]) */
p++;
np = strchr(p, ']');
if (np != NULL) {
if (np-p > 0 && np-p < 10){
long maxlen = strtol(p,NULL,10);
if (maxlen > 0 && maxlen < LOG_HTTP_NODE_MAXOUTPUTLEN) {
httplog_ctx->cf_nodes[httplog_ctx->cf_n]->maxlen = (uint32_t) maxlen;
}
} else {
goto parsererror;
}
p = np + 1;
} else {
goto parsererror;
}
}
if (*p == '{') { /* Simple format char */
np = strchr(p, '}');
if (np != NULL && np-p > 1 && np-p < LOG_HTTP_NODE_STRLEN-2) {
p++;
n = np-p;
strlcpy(httplog_ctx->cf_nodes[httplog_ctx->cf_n]->data, p, n+1);
p = np;
} else {
goto parsererror;
}
p++;
} else {
httplog_ctx->cf_nodes[httplog_ctx->cf_n]->data[0] = '\0';
}
httplog_ctx->cf_nodes[httplog_ctx->cf_n]->type = *p;
if (*p == '%'){
httplog_ctx->cf_nodes[httplog_ctx->cf_n]->type = LOG_HTTP_CF_LITERAL;
strlcpy(httplog_ctx->cf_nodes[httplog_ctx->cf_n]->data, "%", 2);
}
p++;
}
}
} else {
if (extended == NULL) {
httplog_ctx->flags |= LOG_HTTP_DEFAULT;
} else {
if (ConfValIsTrue(extended)) {
httplog_ctx->flags |= LOG_HTTP_EXTENDED;
}
}
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
goto parsererror;
}
output_ctx->data = httplog_ctx;
output_ctx->DeInit = LogHttpLogDeInitCtx;
SCLogDebug("HTTP log output initialized");
/* enable the logger for the app layer */
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);
return output_ctx;
parsererror:
for (n = 0;n < httplog_ctx->cf_n;n++) {
SCFree(httplog_ctx->cf_nodes[n]);
}
LogFileFreeCtx(file_ctx);
SCFree(httplog_ctx);
SCLogError(SC_ERR_INVALID_ARGUMENT,"Syntax error in custom http log format string.");
return NULL;
}
/** \brief Create a new http log LogFileCtx.
* \param conf Pointer to ConfNode containing this loggers configuration.
* \return NULL if failure, LogFileCtx* to the file_ctx if succesful
* */
OutputCtx *LogHttpLogInitCtx(ConfNode *conf)
{
LogFileCtx* file_ctx = LogFileNewCtx();
if(file_ctx == NULL) {
SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
return NULL;
}
if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
LogFileFreeCtx(file_ctx);
return NULL;
}
LogHttpFileCtx *httplog_ctx = SCMalloc(sizeof(LogHttpFileCtx));
if (unlikely(httplog_ctx == NULL)) {
LogFileFreeCtx(file_ctx);
return NULL;
}
memset(httplog_ctx, 0x00, sizeof(LogHttpFileCtx));
httplog_ctx->file_ctx = file_ctx;
const char *extended = ConfNodeLookupChildValue(conf, "extended");
const char *custom = ConfNodeLookupChildValue(conf, "custom");
const char *customformat = ConfNodeLookupChildValue(conf, "customformat");
/* If custom logging format is selected, lets parse it */
if (custom != NULL && customformat != NULL && ConfValIsTrue(custom)) {
httplog_ctx->cf = LogCustomFormatAlloc();
if (!httplog_ctx->cf) {
goto errorfree;
}
httplog_ctx->flags |= LOG_HTTP_CUSTOM;
/* Parsing */
if ( ! LogCustomFormatParse(httplog_ctx->cf, customformat)) {
goto parsererror;
}
} else {
if (extended == NULL) {
httplog_ctx->flags |= LOG_HTTP_DEFAULT;
} else {
if (ConfValIsTrue(extended)) {
httplog_ctx->flags |= LOG_HTTP_EXTENDED;
}
}
}
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
goto parsererror;
}
output_ctx->data = httplog_ctx;
output_ctx->DeInit = LogHttpLogDeInitCtx;
SCLogDebug("HTTP log output initialized");
/* enable the logger for the app layer */
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);
return output_ctx;
parsererror:
SCLogError(SC_ERR_INVALID_ARGUMENT,"Syntax error in custom http log format string.");
errorfree:
LogCustomFormatFree(httplog_ctx->cf);
LogFileFreeCtx(file_ctx);
SCFree(httplog_ctx);
return NULL;
}
