aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output/null: Add the null output device

Browse Source 
This commit adds the null output device; to use, set the filetype
to "nullsink" for each output that should discard and never persist
logs/alerts/etc.

This is implemented as an "internal eve output plugin" just like the
syslog eve output type.
pull/9816/head
Jeff Lucovsky 2 years ago committed by Victor Julien
parent 9865164e75
commit ad96382cf2
4 changed files with 116 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
src/Makefile.am
Unescape Escape View File

@ -386,6 +386,7 @@ noinst_HEADERS = \
log-tlslog.h \ log-tlslog.h \
log-tlsstore.h \ log-tlsstore.h \
output-eve-stream.h \ output-eve-stream.h \
output-eve-null.h \
output-filedata.h \ output-filedata.h \
output-file.h \ output-file.h \
output-filestore.h \ output-filestore.h \
@ -1039,6 +1040,7 @@ libsuricata_c_a_SOURCES = \
output-json-tftp.c \ output-json-tftp.c \
output-json-tls.c \ output-json-tls.c \
output-eve-syslog.c \ output-eve-syslog.c \
output-eve-null.c \
output-lua.c \ output-lua.c \
output-packet.c \ output-packet.c \
output-stats.c \ output-stats.c \

85
src/output-eve-null.c
Unescape Escape View File

@ -0,0 +1,85 @@
/* Copyright (C) 2023 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Jeff Lucovsky <jlucovsky@oisf.net>
*
* File-like output for logging: null/discard device
*/
#include "suricata-common.h" /* errno.h, string.h, etc. */
#include "output.h" /* DEFAULT_LOG_* */
#include "output-eve-null.h"
#ifdef OS_WIN32
void NullLogInitialize(void)
{
}
#else /* !OS_WIN32 */
#define OUTPUT_NAME "nullsink"
static int NullLogInit(ConfNode *conf, bool threaded, void **init_data)
{
*init_data = NULL;
return 0;
}
static int NullLogWrite(const char *buffer, int buffer_len, void *init_data, void *thread_data)
{
return 0;
}
static int NullLogThreadInit(void *init_data, int thread_id, void **thread_data)
{
*thread_data = NULL;
return 0;
}
static int NullLogThreadDeInit(void *init_data, void *thread_data)
{
return 0;
}
static void NullLogDeInit(void *init_data)
{
}
void NullLogInitialize(void)
{
SCLogDebug("Registering the %s logger", OUTPUT_NAME);
SCEveFileType *file_type = SCCalloc(1, sizeof(SCEveFileType));
if (file_type == NULL) {
FatalError("Unable to allocate memory for eve file type %s", OUTPUT_NAME);
}
file_type->name = OUTPUT_NAME;
file_type->Init = NullLogInit;
file_type->Deinit = NullLogDeInit;
file_type->Write = NullLogWrite;
file_type->ThreadInit = NullLogThreadInit;
file_type->ThreadDeinit = NullLogThreadDeInit;
if (!SCRegisterEveFileType(file_type)) {
FatalError("Failed to register EVE file type: %s", OUTPUT_NAME);
}
}
#endif /* !OS_WIN32 */

25
src/output-eve-null.h
Unescape Escape View File

@ -0,0 +1,25 @@
/* Copyright (C) 2023 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Jeff Lucovsky <jlucovsky@oisf.net>
*
* File-like output for logging: null/discard device
*/
void NullLogInitialize(void);

4
src/output-json.c
Unescape Escape View File

@ -47,7 +47,10 @@
#include "app-layer-parser.h" #include "app-layer-parser.h"
#include "util-classification-config.h" #include "util-classification-config.h"
#include "util-syslog.h" #include "util-syslog.h"
/* Internal output plugins */
#include "output-eve-syslog.h" #include "output-eve-syslog.h"
#include "output-eve-null.h"
#include "output.h" #include "output.h"
#include "output-json.h" #include "output-json.h"
@ -98,6 +101,7 @@ void OutputJsonRegister (void)
// Register output file types that use the new eve filetype registration // Register output file types that use the new eve filetype registration
// API. // API.
SyslogInitialize(); SyslogInitialize();
NullLogInitialize();
} }
json_t *SCJsonString(const char *val) json_t *SCJsonString(const char *val)

Write Preview
Loading…
Cancel
Save