aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

devguide: more on low level logging

Browse Source 
Use the extending/output section to introduce the low level logging
API.

Ticket: #7227
pull/11689/head
Jason Ish 10 months ago committed by Victor Julien
parent a2779ac916
commit bb128e3959
3 changed files with 46 additions and 7 deletions
Show Stats Download Patch File Download Diff File

47
doc/userguide/devguide/extending/output/index.rst
Unescape Escape View File

@ -1,7 +1,48 @@
Output Output
====== ======
Introduction Low Level Logging
------------ -----------------
Extending Suricata's alert and event output. Suricata's alert, protocol, and other types of output are built up
from a set of low level loggers. These loggers include:
- Packet logging (alerts)
- Flow logging
- Transaction logging (application layer)
- File information logging
- File data logging (file extraction)
- Statistics
These low level logging facilities are used to build up Suricata's
logging include EVE, but they can also be hooked into by plugins or
applications using Suricata as a library.
.. note:: At this time only a C API exists to hook into the low level
logging functions.
The Suricata source code contains an example plugin demonstrating how
to hook into some of these APIs. See
https://github.com/OISF/suricata/blob/master/examples/plugins/c-custom-loggers/custom-logger.c.
Packet Logging
~~~~~~~~~~~~~~
Packet loggers can be registered with the
``SCOutputRegisterPacketLogger`` function:
.. literalinclude:: ../../../../../src/output-packet.h
:language: c
:start-at: /** \brief Register a packet logger
:end-at: );
Flow Logging
~~~~~~~~~~~~
Flow loggers can be registered with the ``SCOutputRegisterFlowLogger``
function:
.. literalinclude:: ../../../../../src/output-flow.h
:language: c
:start-at: /** \brief Register a flow logger
:end-at: );

3
src/output-flow.h
Unescape Escape View File

@ -35,8 +35,7 @@
*/ */
typedef int (*FlowLogger)(ThreadVars *, void *thread_data, Flow *f); typedef int (*FlowLogger)(ThreadVars *, void *thread_data, Flow *f);
/** /** \brief Register a flow logger.
* \brief Register a flow logger.
* *
* \param name An informational name for this logger. Used only for * \param name An informational name for this logger. Used only for
* debugging. * debugging.

3
src/output-packet.h
Unescape Escape View File

@ -42,8 +42,7 @@ typedef int (*PacketLogger)(ThreadVars *, void *thread_data, const Packet *);
*/ */
typedef bool (*PacketLogCondition)(ThreadVars *, void *thread_data, const Packet *); typedef bool (*PacketLogCondition)(ThreadVars *, void *thread_data, const Packet *);
/** /** \brief Register a packet logger.
* \brief Register a packet logger.
* *
* \param logger_id An ID used to distinguish this logger from others * \param logger_id An ID used to distinguish this logger from others
* while profiling. * while profiling.

Write Preview
Loading…
Cancel
Save