@ -49,73 +49,39 @@
# include "util-syslog.h" # include "util-syslog.h"
# include "util-optimize.h" # include "util-optimize.h"
# ifndef OS_WIN32
# define DEFAULT_ALERT_SYSLOG_FACILITY_STR "local0" # define DEFAULT_ALERT_SYSLOG_FACILITY_STR "local0"
# define DEFAULT_ALERT_SYSLOG_FACILITY LOG_LOCAL0 # define DEFAULT_ALERT_SYSLOG_FACILITY LOG_LOCAL0
# define DEFAULT_ALERT_SYSLOG_LEVEL LOG_ERR # define DEFAULT_ALERT_SYSLOG_LEVEL LOG_ERR
# define MODULE_NAME "AlertSyslog" # define MODULE_NAME "AlertSyslog"
extern uint8_t engine_mode ; extern uint8_t engine_mode ;
# ifndef OS_WIN32
static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL ; static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL ;
# endif /* OS_WIN32 */
typedef struct AlertSyslogThread_ { typedef struct AlertSyslogThread_ {
/** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
/** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
LogFileCtx * file_ctx ;
LogFileCtx * file_ctx ;
} AlertSyslogThread ; } AlertSyslogThread ;
TmEcode AlertSyslog ( ThreadVars * , Packet * , void * , PacketQueue * , PacketQueue * ) ; /**
TmEcode AlertSyslogIPv4 ( ThreadVars * , Packet * , void * , PacketQueue * , PacketQueue * ) ; * \ brief Function to clear the memory of the output context and closes the
TmEcode AlertSyslogIPv6 ( ThreadVars * , Packet * , void * , PacketQueue * , PacketQueue * ) ; * syslog interface
TmEcode AlertSyslogThreadInit ( ThreadVars * , void * , void * * ) ; *
TmEcode AlertSyslogThreadDeinit ( ThreadVars * , void * ) ; * \ param output_ctx pointer to the output context to be cleared
void AlertSyslogExitPrintStats ( ThreadVars * , void * ) ; */
void AlertSyslogRegisterTests ( void ) ; static void AlertSyslogDeInitCtx ( OutputCtx * output_ctx )
OutputCtx * AlertSyslogInitCtx ( ConfNode * ) ; {
# ifndef OS_WIN32 if ( output_ctx ! = NULL ) {
static void AlertSyslogDeInitCtx ( OutputCtx * ) ; LogFileCtx * logfile_ctx = ( LogFileCtx * ) output_ctx - > data ;
# endif /* OS_WIN32 */ if ( logfile_ctx ! = NULL ) {
LogFileFreeCtx ( logfile_ctx ) ;
/** \brief Function to register the AlertSyslog module */ }
void TmModuleAlertSyslogRegister ( void ) { SCFree ( output_ctx ) ;
# ifndef OS_WIN32 }
tmm_modules [ TMM_ALERTSYSLOG ] . name = MODULE_NAME ;
closelog ( ) ;
tmm_modules [ TMM_ALERTSYSLOG ] . ThreadInit = AlertSyslogThreadInit ;
tmm_modules [ TMM_ALERTSYSLOG ] . Func = AlertSyslog ;
tmm_modules [ TMM_ALERTSYSLOG ] . ThreadExitPrintStats = AlertSyslogExitPrintStats ;
tmm_modules [ TMM_ALERTSYSLOG ] . ThreadDeinit = AlertSyslogThreadDeinit ;
tmm_modules [ TMM_ALERTSYSLOG ] . RegisterTests = NULL ;
tmm_modules [ TMM_ALERTSYSLOG ] . cap_flags = 0 ;
OutputRegisterModule ( MODULE_NAME , " syslog " , AlertSyslogInitCtx ) ;
# endif /* !OS_WIN32 */
}
/** \brief Function to register the AlertSyslog module for IPv4 */
void TmModuleAlertSyslogIPv4Register ( void ) {
# ifndef OS_WIN32
tmm_modules [ TMM_ALERTSYSLOG4 ] . name = " AlertSyslogIPv4 " ;
tmm_modules [ TMM_ALERTSYSLOG4 ] . ThreadInit = AlertSyslogThreadInit ;
tmm_modules [ TMM_ALERTSYSLOG4 ] . Func = AlertSyslogIPv4 ;
tmm_modules [ TMM_ALERTSYSLOG4 ] . ThreadExitPrintStats = AlertSyslogExitPrintStats ;
tmm_modules [ TMM_ALERTSYSLOG4 ] . ThreadDeinit = AlertSyslogThreadDeinit ;
tmm_modules [ TMM_ALERTSYSLOG4 ] . RegisterTests = NULL ;
# endif /* !OS_WIN32 */
}
/** \brief Function to register the AlertSyslog module for IPv6 */
void TmModuleAlertSyslogIPv6Register ( void ) {
# ifndef OS_WIN32
tmm_modules [ TMM_ALERTSYSLOG6 ] . name = " AlertSyslogIPv6 " ;
tmm_modules [ TMM_ALERTSYSLOG6 ] . ThreadInit = AlertSyslogThreadInit ;
tmm_modules [ TMM_ALERTSYSLOG6 ] . Func = AlertSyslogIPv6 ;
tmm_modules [ TMM_ALERTSYSLOG6 ] . ThreadExitPrintStats = AlertSyslogExitPrintStats ;
tmm_modules [ TMM_ALERTSYSLOG6 ] . ThreadDeinit = AlertSyslogThreadDeinit ;
tmm_modules [ TMM_ALERTSYSLOG6 ] . RegisterTests = NULL ;
# endif /* !OS_WIN32 */
} }
# ifndef OS_WIN32
/**
/**
* \ brief Create a new LogFileCtx for " syslog " output style .
* \ brief Create a new LogFileCtx for " syslog " output style .
*
*
@ -172,24 +138,6 @@ OutputCtx *AlertSyslogInitCtx(ConfNode *conf)
return output_ctx ;
return output_ctx ;
} }
/**
* \ brief Function to clear the memory of the output context and closes the
* syslog interface
*
* \ param output_ctx pointer to the output context to be cleared
*/
static void AlertSyslogDeInitCtx ( OutputCtx * output_ctx )
{
if ( output_ctx ! = NULL ) {
LogFileCtx * logfile_ctx = ( LogFileCtx * ) output_ctx - > data ;
if ( logfile_ctx ! = NULL ) {
LogFileFreeCtx ( logfile_ctx ) ;
}
SCFree ( output_ctx ) ;
}
closelog ( ) ;
}
/**
/**
* \ brief Function to initialize the AlertSystlogThread and sets the output
* \ brief Function to initialize the AlertSystlogThread and sets the output
* context pointer
* context pointer
@ -198,7 +146,7 @@ static void AlertSyslogDeInitCtx(OutputCtx *output_ctx)
* \ param initdata Pointer to the output context
* \ param initdata Pointer to the output context
* \ param data pointer to pointer to point to the AlertSyslogThread
* \ param data pointer to pointer to point to the AlertSyslogThread
*/
*/
TmEcode AlertSyslogThreadInit ( ThreadVars * t , void * initdata , void * * data ) static TmEcode AlertSyslogThreadInit ( ThreadVars * t , void * initdata , void * * data )
{ {
if ( initdata = = NULL ) {
if ( initdata = = NULL ) {
SCLogDebug ( " Error getting context for AlertSyslog. \" initdata \" "
SCLogDebug ( " Error getting context for AlertSyslog. \" initdata \" "
@ -225,7 +173,7 @@ TmEcode AlertSyslogThreadInit(ThreadVars *t, void *initdata, void **data)
* \ param tv Pointer to the threadvars
* \ param tv Pointer to the threadvars
* \ param data pointer to the AlertSyslogThread to be cleared
* \ param data pointer to the AlertSyslogThread to be cleared
*/
*/
TmEcode AlertSyslogThreadDeinit ( ThreadVars * t , void * data ) static TmEcode AlertSyslogThreadDeinit ( ThreadVars * t , void * data )
{ {
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
if ( ast = = NULL ) {
if ( ast = = NULL ) {
@ -250,7 +198,7 @@ TmEcode AlertSyslogThreadDeinit(ThreadVars *t, void *data)
*
*
* \ return On succes return TM_ECODE_OK
* \ return On succes return TM_ECODE_OK
*/
*/
TmEcode AlertSyslogIPv4 ( ThreadVars * tv , Packet * p , void * data , PacketQueue * pq , static TmEcode AlertSyslogIPv4 ( ThreadVars * tv , Packet * p , void * data , PacketQueue * pq ,
PacketQueue * postpq )
PacketQueue * postpq )
{ {
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
@ -311,7 +259,7 @@ TmEcode AlertSyslogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
*
*
* \ return On succes return TM_ECODE_OK
* \ return On succes return TM_ECODE_OK
*/
*/
TmEcode AlertSyslogIPv6 ( ThreadVars * tv , Packet * p , void * data , PacketQueue * pq , static TmEcode AlertSyslogIPv6 ( ThreadVars * tv , Packet * p , void * data , PacketQueue * pq ,
PacketQueue * postpq )
PacketQueue * postpq )
{ {
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
@ -375,7 +323,7 @@ TmEcode AlertSyslogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
*
*
* \ return On succes return TM_ECODE_OK
* \ return On succes return TM_ECODE_OK
*/
*/
TmEcode AlertSyslogDecoderEvent ( ThreadVars * tv , Packet * p , void * data , static TmEcode AlertSyslogDecoderEvent ( ThreadVars * tv , Packet * p , void * data ,
PacketQueue * pq , PacketQueue * postpq )
PacketQueue * pq , PacketQueue * postpq )
{ {
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
@ -441,7 +389,7 @@ TmEcode AlertSyslogDecoderEvent(ThreadVars *tv, Packet *p, void *data,
*
*
* \ return On succes return TM_ECODE_OK
* \ return On succes return TM_ECODE_OK
*/
*/
TmEcode AlertSyslog ( ThreadVars * tv , Packet * p , void * data , PacketQueue * pq , static TmEcode AlertSyslog ( ThreadVars * tv , Packet * p , void * data , PacketQueue * pq ,
PacketQueue * postpq )
PacketQueue * postpq )
{ {
if ( PKT_IS_IPV4 ( p ) ) {
if ( PKT_IS_IPV4 ( p ) ) {
@ -461,7 +409,7 @@ TmEcode AlertSyslog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
* \ param tv Pointer to the output threadvars
* \ param tv Pointer to the output threadvars
* \ param data Pointer to the AlertSyslogThread data
* \ param data Pointer to the AlertSyslogThread data
*/
*/
void AlertSyslogExitPrintStats ( ThreadVars * tv , void * data ) { static void AlertSyslogExitPrintStats ( ThreadVars * tv , void * data ) {
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
AlertSyslogThread * ast = ( AlertSyslogThread * ) data ;
if ( ast = = NULL ) {
if ( ast = = NULL ) {
return ;
return ;
@ -471,3 +419,17 @@ void AlertSyslogExitPrintStats(ThreadVars *tv, void *data) {
} }
# endif /* !OS_WIN32 */ # endif /* !OS_WIN32 */
/** \brief Function to register the AlertSyslog module */
void TmModuleAlertSyslogRegister ( void ) {
# ifndef OS_WIN32
tmm_modules [ TMM_ALERTSYSLOG ] . name = MODULE_NAME ;
tmm_modules [ TMM_ALERTSYSLOG ] . ThreadInit = AlertSyslogThreadInit ;
tmm_modules [ TMM_ALERTSYSLOG ] . Func = AlertSyslog ;
tmm_modules [ TMM_ALERTSYSLOG ] . ThreadExitPrintStats = AlertSyslogExitPrintStats ;
tmm_modules [ TMM_ALERTSYSLOG ] . ThreadDeinit = AlertSyslogThreadDeinit ;
tmm_modules [ TMM_ALERTSYSLOG ] . RegisterTests = NULL ;
tmm_modules [ TMM_ALERTSYSLOG ] . cap_flags = 0 ;
OutputRegisterModule ( MODULE_NAME , " syslog " , AlertSyslogInitCtx ) ;
# endif /* !OS_WIN32 */
}
Victor Julien
12 years ago