An example of how logging could be configured from the log file.

16 years ago · 28cad3429c
parent 90c46ee2c9
commit 28cad3429c
5 changed files with 62 additions and 0 deletions
--- a/src/suricata.c
+++ b/src/suricata.c
@ -428,6 +428,10 @@ int main(int argc, char **argv)
        exit(EXIT_SUCCESS);
    }

+    /* Since our config is now loaded we can finish configurating the
+     * logging module. */
+    SCLogLoadConfig();
+
    if (mode == MODE_UNKNOWN) {
        usage(argv[0]);
        exit(EXIT_FAILURE);
--- a/src/util-debug.c
+++ b/src/util-debug.c
@ -1000,6 +1000,60 @@ void SCLogInitLogModule(SCLogInitData *sc_lid)
    return;
 }

+void SCLogLoadConfig(void)
+{
+    ConfNode *outputs;
+
+    outputs = ConfGetNode("logging.output");
+    if (outputs == NULL) {
+        SCLogDebug("No logging.output configuration section found.");
+        return;
+    }
+
+    /* Process each output. */
+    ConfNode *output;
+    TAILQ_FOREACH(output, &outputs->head, next) {
+        ConfNode *param;
+        char *interface = NULL;
+        char *log_level = NULL;
+        char *facility = NULL;
+        char *filename = NULL;
+        char *format = NULL;
+
+        interface = ConfNodeLookupChildValue(output, "interface");
+        if (interface == NULL) {
+            /* No interface in this item, ignore. */
+            continue;
+        }
+        if (SCMapEnumNameToValue(interface, sc_log_op_iface_map) < 0) {
+            SCLogError(SC_INVALID_ARGUMENT,
+                "Invalid logging interface: %s", interface);
+            exit(EXIT_FAILURE);
+        }
+
+        /* Any output may have a log-level set. */
+        log_level = ConfNodeLookupChildValue(output, "log-level");
+
+        /* Any output may have a format set. */
+        format = ConfNodeLookupChildValue(output, "format");
+
+        if (strcmp(interface, "console") == 0) {
+            /* No other lookups required for console logging. */
+            printf("Setting up console logging: log_level=%s.\n",
+                log_level);
+        }
+        else if (strcmp(interface, "syslog") == 0) {
+            facility = ConfNodeLookupChildValue(output, "facility");
+            printf("Setting up syslog logging: log_level=%s, facility=%s.\n",
+                log_level, facility);
+        }
+        else {
+            SCLogWarning(SC_UNIMPLEMENTED,
+                "Ignoring unknown logging interface: %s", interface);
+        }
+    }
+}
+
 /**
 * \brief Initializes the logging module if the environment variables are set.
 *        Used at the start of the engine, for cases, where there is an error
--- a/src/util-debug.h
+++ b/src/util-debug.h
@ -511,4 +511,6 @@ int SCLogDebugEnabled(void);

 void SCLogRegisterTests(void);

+void SCLogLoadConfig(void);
+
 #endif /* __UTIL_DEBUG_H__ */
--- a/src/util-error.c
+++ b/src/util-error.c
@ -52,6 +52,7 @@ const char * SCErrorToString(SCError err)
        CASE_CODE (SC_ERR_POOL_EMPTY);
        CASE_CODE (SC_ERR_REASSEMBLY_FAILED);
        CASE_CODE (SC_ERR_POOL_INIT_FAILED);
+        CASE_CODE (SC_UNIMPLEMENTED);
        default:
            return "UNKNOWN_ERROR";
    }
--- a/src/util-error.h
+++ b/src/util-error.h
@ -64,6 +64,7 @@ typedef enum {
    SC_NFQ_SET_VERDICT,
    SC_NFQ_THREAD_INIT,
    SC_ERR_DAEMON,
+    SC_UNIMPLEMENTED,
 } SCError;

 const char *SCErrorToString(SCError);