static OutputInitResult OutputFlowLogInit(ConfNode *conf) { OutputInitResult result = { NULL, false }; LogFileCtx *file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { SCLogError(SC_ERR_FLOW_LOG_GENERIC, "couldn't create new file_ctx"); return result; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { LogFileFreeCtx(file_ctx); return result; } LogJsonFileCtx *flow_ctx = SCMalloc(sizeof(LogJsonFileCtx)); if (unlikely(flow_ctx == NULL)) { LogFileFreeCtx(file_ctx); return result; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(flow_ctx); return result; } flow_ctx->file_ctx = file_ctx; output_ctx->data = flow_ctx; output_ctx->DeInit = OutputFlowLogDeinit; result.ctx = output_ctx; result.ok = true; return result; }
OutputCtx *OutputNetFlowLogInit(ConfNode *conf) { SCLogInfo("hi"); LogFileCtx *file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { SCLogError(SC_ERR_NETFLOW_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { LogFileFreeCtx(file_ctx); return NULL; } LogJsonFileCtx *flow_ctx = SCMalloc(sizeof(LogJsonFileCtx)); if (unlikely(flow_ctx == NULL)) { LogFileFreeCtx(file_ctx); return NULL; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(flow_ctx); return NULL; } flow_ctx->file_ctx = file_ctx; output_ctx->data = flow_ctx; output_ctx->DeInit = OutputNetFlowLogDeinit; return output_ctx; }
static OutputCtx *InitCtx(ConfNode *conf, AppProto proto, const char *dft_name) { LogFileCtx *ctx = LogFileNewCtx(); if (ctx == NULL) { SCLogError(SC_ERR_JONS_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, ctx, dft_name) < 0) { LogFileFreeCtx(ctx); return NULL; } DBJsonLogCtx *jctx = SCCalloc(sizeof(*jctx) , 1); if (unlikely(jctx == NULL)) { LogFileFreeCtx(ctx); return NULL; } jctx->ctx = ctx; OutputCtx *octx = SCCalloc(1, sizeof(*octx)); if (unlikely(octx == NULL)) { LogFileFreeCtx(ctx); SCFree(jctx); return NULL; } octx->data = jctx; octx->DeInit = DeinitCtx; SCLogDebug("log output initialized"); AppLayerParserRegisterLogger(IPPROTO_TCP, proto); return octx; }
/** * \brief Create a new LogFileCtx for "drop" output style. * \param conf The configuration node for this output. * \return A LogFileCtx pointer on success, NULL on failure. */ static OutputCtx *LogDropLogInitCtx(ConfNode *conf) { if (OutputDropLoggerEnable() != 0) { SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'drop' logger " "can be enabled"); return NULL; } LogFileCtx *logfile_ctx = LogFileNewCtx(); if (logfile_ctx == NULL) { SCLogDebug("LogDropLogInitCtx: Could not create new LogFileCtx"); return NULL; } if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { LogFileFreeCtx(logfile_ctx); return NULL; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(logfile_ctx); return NULL; } output_ctx->data = logfile_ctx; output_ctx->DeInit = LogDropLogDeInitCtx; return output_ctx; }
static OutputCtx *JsonMSSqlLogInitCtx(ConfNode *cn) { static char default_11g_log_filename[] = "mssql.json"; LogFileCtx *file_ctx = LogFileNewCtx(); if (!file_ctx) { SCLogError(SC_ERR_MSSQL_LOG_GENERIC, "could not create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(cn, file_ctx, default_11g_log_filename)) { LogFileFreeCtx(file_ctx); return NULL; } LogMSSqlFileCtx *mssqllog_ctx = SCCalloc(sizeof(*mssqllog_ctx), 1); if (unlikely(!mssqllog_ctx )) { LogFileFreeCtx(file_ctx); return NULL; } mssqllog_ctx->file_ctx = file_ctx; OutputCtx *octx = SCCalloc(1, sizeof(*octx)); if (unlikely(!octx)) { LogFileFreeCtx(file_ctx); SCFree(mssqllog_ctx); return NULL; } octx->data = mssqllog_ctx; octx->DeInit = LogMSSqlLogDeinitCtx; SCLogDebug("mssql json log output initialized"); AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MSSQL); return octx; }
/** \brief Create a new http log LogFileCtx. * \param conf Pointer to ConfNode containing this loggers configuration. * \return NULL if failure, LogFileCtx* to the file_ctx if succesful * */ OutputCtx *LogStatsLogInitCtx(ConfNode *conf) { LogFileCtx *file_ctx = LogFileNewCtx(); if (file_ctx == NULL) { SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { LogFileFreeCtx(file_ctx); return NULL; } LogStatsFileCtx *statslog_ctx = SCMalloc(sizeof(LogStatsFileCtx)); if (unlikely(statslog_ctx == NULL)) { LogFileFreeCtx(file_ctx); return NULL; } memset(statslog_ctx, 0x00, sizeof(LogStatsFileCtx)); statslog_ctx->flags = LOG_STATS_TOTALS; if (conf != NULL) { const char *totals = ConfNodeLookupChildValue(conf, "totals"); const char *threads = ConfNodeLookupChildValue(conf, "threads"); const char *nulls = ConfNodeLookupChildValue(conf, "null-values"); SCLogDebug("totals %s threads %s", totals, threads); if (totals != NULL && ConfValIsFalse(totals)) { statslog_ctx->flags &= ~LOG_STATS_TOTALS; } if (threads != NULL && ConfValIsTrue(threads)) { statslog_ctx->flags |= LOG_STATS_THREADS; } if (nulls != NULL && ConfValIsTrue(nulls)) { statslog_ctx->flags |= LOG_STATS_NULLS; } SCLogDebug("statslog_ctx->flags %08x", statslog_ctx->flags); } statslog_ctx->file_ctx = file_ctx; OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(statslog_ctx); return NULL; } output_ctx->data = statslog_ctx; output_ctx->DeInit = LogStatsLogDeInitCtx; SCLogDebug("STATS log output initialized"); return output_ctx; }
OutputCtx *OutputStatsLogInit(ConfNode *conf) { LogFileCtx *file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { SCLogError(SC_ERR_STATS_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { LogFileFreeCtx(file_ctx); return NULL; } OutputStatsCtx *stats_ctx = SCMalloc(sizeof(OutputStatsCtx)); if (unlikely(stats_ctx == NULL)) { LogFileFreeCtx(file_ctx); return NULL; } stats_ctx->flags = JSON_STATS_TOTALS; if (conf != NULL) { const char *totals = ConfNodeLookupChildValue(conf, "totals"); const char *threads = ConfNodeLookupChildValue(conf, "threads"); const char *deltas = ConfNodeLookupChildValue(conf, "deltas"); SCLogDebug("totals %s threads %s deltas %s", totals, threads, deltas); if (totals != NULL && ConfValIsFalse(totals)) { stats_ctx->flags &= ~JSON_STATS_TOTALS; } if (threads != NULL && ConfValIsTrue(threads)) { stats_ctx->flags |= JSON_STATS_THREADS; } if (deltas != NULL && ConfValIsTrue(deltas)) { stats_ctx->flags |= JSON_STATS_DELTAS; } SCLogDebug("stats_ctx->flags %08x", stats_ctx->flags); } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(stats_ctx); return NULL; } stats_ctx->file_ctx = file_ctx; output_ctx->data = stats_ctx; output_ctx->DeInit = OutputStatsLogDeinit; return output_ctx; }
OutputCtx *OutputTlsLogInit(ConfNode *conf) { if (OutputTlsLoggerEnable() != 0) { SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'tls' logger " "can be enabled"); return NULL; } LogFileCtx *file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) { LogFileFreeCtx(file_ctx); return NULL; } OutputTlsCtx *tls_ctx = SCMalloc(sizeof(OutputTlsCtx)); if (unlikely(tls_ctx == NULL)) { LogFileFreeCtx(file_ctx); return NULL; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(tls_ctx); return NULL; } tls_ctx->file_ctx = file_ctx; tls_ctx->flags = LOG_TLS_DEFAULT; if (conf) { const char *extended = ConfNodeLookupChildValue(conf, "extended"); if (extended != NULL) { if (ConfValIsTrue(extended)) { tls_ctx->flags = LOG_TLS_EXTENDED; } } } output_ctx->data = tls_ctx; output_ctx->DeInit = OutputTlsLogDeinit; return output_ctx; }
/** * \brief Create a new LogFileCtx for "fast" output style. * \param conf The configuration node for this output. * \return A LogFileCtx pointer on success, NULL on failure. */ OutputCtx *AlertPcapInfoInitCtx(ConfNode *conf) { LogFileCtx *logfile_ctx = LogFileNewCtx(); if (logfile_ctx == NULL) { SCLogDebug("AlertPcapInfoInitCtx2: Could not create new LogFileCtx"); return NULL; } const char *filename = ConfNodeLookupChildValue(conf, "filename"); if (filename == NULL) filename = DEFAULT_LOG_FILENAME; const char *mode = ConfNodeLookupChildValue(conf, "append"); if (mode == NULL) mode = DEFAULT_PCAPINFO_MODE_APPEND; if (AlertPcapInfoOpenFileCtx(logfile_ctx, filename, mode) < 0) { LogFileFreeCtx(logfile_ctx); return NULL; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) return NULL; output_ctx->data = logfile_ctx; output_ctx->DeInit = AlertPcapInfoDeInitCtx; SCLogInfo("Fast log output initialized, filename: %s", filename); return output_ctx; }
static void LogStatsLogDeInitCtx(OutputCtx *output_ctx) { LogStatsFileCtx *statslog_ctx = (LogStatsFileCtx *)output_ctx->data; LogFileFreeCtx(statslog_ctx->file_ctx); SCFree(statslog_ctx); SCFree(output_ctx); }
/** \brief Create a new LogFileCtx for unified alert logging. * \param conf The ConfNode for this output. * \return NULL if failure, LogFileCtx* to the file_ctx if succesful * */ OutputCtx *AlertUnifiedAlertInitCtx(ConfNode *conf) { int ret = 0; LogFileCtx *file_ctx = NULL; file_ctx = LogFileNewCtx(); if (file_ctx == NULL) { SCLogError(SC_ERR_UNIFIED_ALERT_GENERIC, "Couldn't create new file_ctx"); goto error; } const char *filename = NULL; if (conf != NULL) filename = ConfNodeLookupChildValue(conf, "filename"); if (filename == NULL) filename = DEFAULT_LOG_FILENAME; file_ctx->prefix = SCStrdup(filename); const char *s_limit = NULL; uint32_t limit = DEFAULT_LIMIT; if (conf != NULL) { s_limit = ConfNodeLookupChildValue(conf, "limit"); if (s_limit != NULL) { if (ByteExtractStringUint32(&limit, 10, 0, s_limit) == -1) { SCLogError(SC_ERR_INVALID_ARGUMENT, "Fail to initialize unified alert output, invalid limit: %s", s_limit); exit(EXIT_FAILURE); } if (limit < MIN_LIMIT) { SCLogError(SC_ERR_INVALID_ARGUMENT, "Fail to initialize unified alert output, limit less than " "allowed minimum: %d.", MIN_LIMIT); exit(EXIT_FAILURE); } } } file_ctx->size_limit = limit * 1024 * 1024; ret = AlertUnifiedAlertOpenFileCtx(file_ctx, filename); if (ret < 0) goto error; OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (output_ctx == NULL) goto error; output_ctx->data = file_ctx; output_ctx->DeInit = AlertUnifiedAlertDeInitCtx; SCLogInfo("Unified-alert initialized: filename %s, limit %"PRIu32" MB", filename, limit); return output_ctx; error: if (file_ctx != NULL) { LogFileFreeCtx(file_ctx); } return NULL; }
static void JsonAlertLogDeInitCtx(OutputCtx *output_ctx) { SCLogDebug("cleaning up output_ctx"); LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data; LogFileFreeCtx(logfile_ctx); SCFree(output_ctx); }
static void OutputJsonDeInitCtx(OutputCtx *output_ctx) { OutputJsonCtx *json_ctx = (OutputJsonCtx *)output_ctx->data; LogFileCtx *logfile_ctx = json_ctx->file_ctx; LogFileFreeCtx(logfile_ctx); SCFree(output_ctx); }
static void LogTlsLogDeInitCtx(OutputCtx *output_ctx) { LogTlsFileCtx *tlslog_ctx = (LogTlsFileCtx *) output_ctx->data; LogFileFreeCtx(tlslog_ctx->file_ctx); SCFree(tlslog_ctx); SCFree(output_ctx); }
static void LogTcpDataLogDeInitCtx(OutputCtx *output_ctx) { LogTcpDataFileCtx *tcpdatalog_ctx = (LogTcpDataFileCtx *)output_ctx->data; LogFileFreeCtx(tcpdatalog_ctx->file_ctx); SCFree(tcpdatalog_ctx); SCFree(output_ctx); }
/** * \internal * * \brief deinit the log ctx and write out the waldo * * \param output_ctx output context to deinit */ static void LogFilestoreLogDeInitCtx(OutputCtx *output_ctx) { LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data; LogFileFreeCtx(logfile_ctx); free(output_ctx); }
/** * \internal * * \brief deinit the log ctx and write out the waldo * * \param output_ctx output context to deinit */ static void LogFileLogDeInitCtx(OutputCtx *output_ctx) { LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data; OutputUnregisterFileRotationFlag(&logfile_ctx->rotation_flag); LogFileFreeCtx(logfile_ctx); free(output_ctx); }
/** * \brief Create a new LogFileCtx for alert debug logging. * * \param ConfNode containing configuration for this logger. * * \return output_ctx if succesful, NULL otherwise */ static OutputCtx *AlertDebugLogInitCtx(ConfNode *conf) { LogFileCtx *file_ctx = NULL; file_ctx = LogFileNewCtx(); if (file_ctx == NULL) { SCLogDebug("couldn't create new file_ctx"); goto error; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { goto error; } OutputCtx *output_ctx = SCMalloc(sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) goto error; memset(output_ctx, 0x00, sizeof(OutputCtx)); output_ctx->data = file_ctx; output_ctx->DeInit = AlertDebugLogDeInitCtx; SCLogDebug("Alert debug log output initialized"); return output_ctx; error: if (file_ctx != NULL) { LogFileFreeCtx(file_ctx); } return NULL; }
static void OutputFlowLogDeinit(OutputCtx *output_ctx) { LogJsonFileCtx *flow_ctx = output_ctx->data; LogFileCtx *logfile_ctx = flow_ctx->file_ctx; LogFileFreeCtx(logfile_ctx); SCFree(flow_ctx); SCFree(output_ctx); }
static void LogStatsLogDeInitCtx(OutputCtx *output_ctx) { LogStatsFileCtx *statslog_ctx = (LogStatsFileCtx *)output_ctx->data; OutputUnregisterFileRotationFlag(&statslog_ctx->file_ctx->rotation_flag); LogFileFreeCtx(statslog_ctx->file_ctx); SCFree(statslog_ctx); SCFree(output_ctx); }
static void JsonDropLogDeInitCtx(OutputCtx *output_ctx) { OutputDropLoggerDisable(); LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data; LogFileFreeCtx(logfile_ctx); SCFree(output_ctx); }
static void JsonDropOutputCtxFree(JsonDropOutputCtx *drop_ctx) { if (drop_ctx != NULL) { if (drop_ctx->file_ctx != NULL) LogFileFreeCtx(drop_ctx->file_ctx); SCFree(drop_ctx); } }
static void LogHttpLogDeInitCtx(OutputCtx *output_ctx) { LogHttpFileCtx *httplog_ctx = (LogHttpFileCtx *)output_ctx->data; LogCustomFormatFree(httplog_ctx->cf); LogFileFreeCtx(httplog_ctx->file_ctx); SCFree(httplog_ctx); SCFree(output_ctx); }
OutputCtx *OutputHttpLogInit(ConfNode *conf) { LogFileCtx *file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) { LogFileFreeCtx(file_ctx); return NULL; } LogHttpFileCtx *http_ctx = SCMalloc(sizeof(LogHttpFileCtx)); if (unlikely(http_ctx == NULL)) { LogFileFreeCtx(file_ctx); return NULL; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(http_ctx); return NULL; } http_ctx->file_ctx = file_ctx; http_ctx->flags = LOG_HTTP_DEFAULT; if (conf) { const char *extended = ConfNodeLookupChildValue(conf, "extended"); if (extended != NULL) { if (ConfValIsTrue(extended)) { http_ctx->flags = LOG_HTTP_EXTENDED; } } } output_ctx->data = http_ctx; output_ctx->DeInit = NULL; /* enable the logger for the app layer */ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP); return output_ctx; }
static void OutputTlsLogDeinit(OutputCtx *output_ctx) { OutputTlsCtx *tls_ctx = output_ctx->data; LogFileCtx *logfile_ctx = tls_ctx->file_ctx; LogFileFreeCtx(logfile_ctx); SCFree(tls_ctx); SCFree(output_ctx); }
OutputCtx *OutputTlsLogInit(ConfNode *conf) { LogFileCtx *file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { SCLogError(SC_ERR_TLS_LOG_GENERIC, "couldn't create new file_ctx"); return NULL; } if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) { LogFileFreeCtx(file_ctx); return NULL; } OutputTlsCtx *tls_ctx = SCMalloc(sizeof(OutputTlsCtx)); if (unlikely(tls_ctx == NULL)) { LogFileFreeCtx(file_ctx); return NULL; } OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx)); if (unlikely(output_ctx == NULL)) { LogFileFreeCtx(file_ctx); SCFree(tls_ctx); return NULL; } tls_ctx->file_ctx = file_ctx; tls_ctx->flags = LOG_TLS_DEFAULT; if (conf) { const char *extended = ConfNodeLookupChildValue(conf, "extended"); if (extended != NULL) { if (ConfValIsTrue(extended)) { tls_ctx->flags = LOG_TLS_EXTENDED; } } } output_ctx->data = tls_ctx; output_ctx->DeInit = OutputTlsLogDeinit; AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS); return output_ctx; }
static void OutputStatsLogDeinit(OutputCtx *output_ctx) { OutputStatsCtx *stats_ctx = output_ctx->data; LogFileCtx *logfile_ctx = stats_ctx->file_ctx; LogFileFreeCtx(logfile_ctx); SCFree(stats_ctx); SCFree(output_ctx); }
static void OutputJsonDeInitCtx(OutputCtx *output_ctx) { OutputJsonCtx *json_ctx = (OutputJsonCtx *)output_ctx->data; LogFileCtx *logfile_ctx = json_ctx->file_ctx; OutputUnregisterFileRotationFlag(&logfile_ctx->rotation_flag); LogFileFreeCtx(logfile_ctx); SCFree(json_ctx); SCFree(output_ctx); }
/** * \internal * * \brief deinit the log ctx and write out the waldo * * \param output_ctx output context to deinit */ static void LogFilestoreLogDeInitCtx(OutputCtx *output_ctx) { LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data; LogFileFreeCtx(logfile_ctx); free(output_ctx); if (strlen(g_waldo) > 0) { LogFilestoreLogStoreWaldo(g_waldo); } }
static void AlertDebugLogDeInitCtx(OutputCtx *output_ctx) { if (output_ctx != NULL) { LogFileCtx *logfile_ctx = (LogFileCtx *)output_ctx->data; if (logfile_ctx != NULL) { LogFileFreeCtx(logfile_ctx); } SCFree(output_ctx); } }