mirror of https://github.com/OISF/suricata
devguide: more on low level logging
Use the extending/output section to introduce the low level logging API. Ticket: #7227pull/11689/head
parent
a2779ac916
commit
bb128e3959
@ -1,7 +1,48 @@
Output
======

Introduction
------------
Low Level Logging
-----------------

Extending Suricata's alert and event output.
Suricata's alert, protocol, and other types of output are built up
from a set of low level loggers. These loggers include:

- Packet logging (alerts)
- Flow logging
- Transaction logging (application layer)
- File information logging
- File data logging (file extraction)
- Statistics

These low level logging facilities are used to build up Suricata's
logging include EVE, but they can also be hooked into by plugins or
applications using Suricata as a library.

.. note:: At this time only a C API exists to hook into the low level
logging functions.

The Suricata source code contains an example plugin demonstrating how
to hook into some of these APIs. See
https://github.com/OISF/suricata/blob/master/examples/plugins/c-custom-loggers/custom-logger.c.

Packet Logging
~~~~~~~~~~~~~~

Packet loggers can be registered with the
``SCOutputRegisterPacketLogger`` function:

.. literalinclude:: ../../../../../src/output-packet.h
:language: c
:start-at: /** \brief Register a packet logger
:end-at: );

Flow Logging
~~~~~~~~~~~~

Flow loggers can be registered with the ``SCOutputRegisterFlowLogger``
function:

.. literalinclude:: ../../../../../src/output-flow.h
:language: c
:start-at: /** \brief Register a flow logger
:end-at: );

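Review bot: The sentence "These low level logging facilities are used to build up Suricata's logging include EVE" is ungrammatical; it should read "Suricata's logging, including EVE, but they can also be hooked into ...". Two further points in the same hunk: the new "Low Level Logging" section is introduced at the same "-----" level directly after an "Introduction" heading that now has no body, and the one-line fragment "Extending Suricata's alert and event output." sits under "Low Level Logging" rather than under "Introduction"; consider moving that line up so the Introduction section is not empty, and turning it into a full sentence. Finally, if the indentation shown here reflects the file, the ``:language:``, ``:start-at:`` and ``:end-at:`` options must be indented under their ``.. literalinclude::`` directive, and the second line of the ``.. note::`` must be indented to match "At this time", or Sphinx will not attach them to the directive; the ``:end-at: );`` anchor also stops at the first line ending in ``);`` after the start marker, so it is worth confirming it captures the whole declaration of ``SCOutputRegisterPacketLogger`` / ``SCOutputRegisterFlowLogger`` when the prototype spans several lines.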