Provide limits to the unified outputs.
remotes/origin/master-1.0.x
Jason Ish 16 years ago committed by Victor Julien
parent 16b6f536a0
commit fbdf1baf1c

@ -32,12 +32,19 @@
#include "util-time.h"
#include "util-error.h"
#include "util-debug.h"
#include "util-byte.h"
#include "output.h"
#include "alert-unified-alert.h"
#define DEFAULT_LOG_FILENAME "unified.alert"
/**< Default log file limit in MB. */
#define DEFAULT_LIMIT 32
/**< Minimum log file limit in MB. */
#define MIN_LIMIT 1
#define MODULE_NAME "AlertUnifiedAlert"
TmEcode AlertUnifiedAlert (ThreadVars *, Packet *, void *, PacketQueue *);
@ -293,13 +300,34 @@ LogFileCtx *AlertUnifiedAlertInitCtx(ConfNode *conf)
filename = DEFAULT_LOG_FILENAME;
file_ctx->prefix = strdup(filename);
ret = AlertUnifiedAlertOpenFileCtx(file_ctx, filename);
/* XXX make configurable */
file_ctx->size_limit = UNIFIED_FILESIZE_LIMIT;
const char *s_limit = NULL;
uint32_t limit = DEFAULT_LIMIT;
if (conf != NULL) {
s_limit = ConfNodeLookupChildValue(conf, "limit");
if (s_limit != NULL) {
if (ByteExtractStringUint32(&limit, 10, 0, s_limit) == -1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Fail to initialize unified alert output, invalid limit: %s",
s_limit);
exit(EXIT_FAILURE);
}
if (limit < MIN_LIMIT) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Fail to initialize unified alert output, limit less than "
"allowed minimum.");
exit(EXIT_FAILURE);
}
}
}
file_ctx->size_limit = limit * 1024 * 1024;
ret = AlertUnifiedAlertOpenFileCtx(file_ctx, filename);
if (ret < 0)
return NULL;
SCLogInfo("Unified-alert initialized: filename %s, limit %"PRIu32" MB",
filename, limit);
return file_ctx;
}
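Review bot: The new `file_ctx->size_limit = limit * 1024 * 1024;` multiplies a `uint32_t` in 32-bit arithmetic (assuming a 32-bit `int`), and only the lower bound `MIN_LIMIT` is checked, so a configured `limit` of 4096 or more wraps: 4096 yields 0 and 4097 yields 1 MB. The wrap happens before the assignment, so it applies even if `size_limit` is a wider type (its declaration is not visible here). Reject the value before multiplying, with its own error message, e.g. `if (limit > UINT32_MAX / (1024 * 1024)) { ... exit(EXIT_FAILURE); }`, so a mistyped limit cannot silently become a near-zero size limit for the alert log. The same line appears in AlertUnifiedLogInitCtx and Unified2AlertInitCtx; all three functions begin outside their hunks.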

@ -34,12 +34,19 @@
#include "util-time.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-byte.h"
#include "output.h"
#include "alert-unified-log.h"
#define DEFAULT_LOG_FILENAME "unified.log"
/**< Default log file limit in MB. */
#define DEFAULT_LIMIT 32
/**< Minimum log file limit in MB. */
#define MIN_LIMIT 1
#define MODULE_NAME "AlertUnifiedLog"
TmEcode AlertUnifiedLog (ThreadVars *, Packet *, void *, PacketQueue *);
@ -308,15 +315,37 @@ LogFileCtx *AlertUnifiedLogInitCtx(ConfNode *conf)
}
if (filename == NULL)
filename = DEFAULT_LOG_FILENAME;
file_ctx->prefix = strdup(filename);
file_ctx->size_limit = UNIFIED_FILESIZE_LIMIT; /* XXX Make configurable. */
ret = AlertUnifiedLogOpenFileCtx(file_ctx, filename);
const char *s_limit = NULL;
uint32_t limit = DEFAULT_LIMIT;
if (conf != NULL) {
s_limit = ConfNodeLookupChildValue(conf, "limit");
if (s_limit != NULL) {
if (ByteExtractStringUint32(&limit, 10, 0, s_limit) == -1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Fail to initialize unified log output, invalid limit: %s",
s_limit);
exit(EXIT_FAILURE);
}
if (limit < MIN_LIMIT) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Fail to initialize unified log output, limit less than "
"allowed minimum.");
exit(EXIT_FAILURE);
}
SCLogDebug("limit set to %"PRIu32, limit);
}
}
file_ctx->size_limit = limit * 1024 * 1024;
ret = AlertUnifiedLogOpenFileCtx(file_ctx, filename);
if (ret < 0)
return NULL;
SCLogInfo("Unified-log initialized: filename %s, limit %"PRIu32" MB",
filename, limit);
return file_ctx;
}
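Review bot: The comments above `DEFAULT_LIMIT` and `MIN_LIMIT` use the trailing-member form `/**< ... */`, which Doxygen attaches to the preceding declaration, so "Default log file limit in MB." would be documented against `DEFAULT_LOG_FILENAME` rather than the limit. Because each comment sits before its macro, it should read `/** Default log file limit in MB. */` and `/** Minimum log file limit in MB. */`. The same comment form is used in the unified-alert and unified2-alert sections. Separately, only this file logs `SCLogDebug("limit set to ...")` after parsing; the other two do not, which looks unintentional.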

@ -21,6 +21,7 @@
#include "util-error.h"
#include "util-debug.h"
#include "util-time.h"
#include "util-byte.h"
#include "output.h"
#include "alert-unified2-alert.h"
@ -31,6 +32,12 @@
#define DEFAULT_LOG_FILENAME "unified2.alert"
/**< Default log file limit in MB. */
#define DEFAULT_LIMIT 32
/**< Minimum log file limit in MB. */
#define MIN_LIMIT 1
/*prototypes*/
TmEcode Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *);
TmEcode Unified2AlertThreadInit(ThreadVars *, void *, void **);
@ -585,14 +592,34 @@ LogFileCtx *Unified2AlertInitCtx(ConfNode *conf)
filename = DEFAULT_LOG_FILENAME;
file_ctx->prefix = strdup(filename);
ret = Unified2AlertOpenFileCtx(file_ctx, filename);
/* XXX make configurable */
file_ctx->size_limit = UNIFIED_FILESIZE_LIMIT;
const char *s_limit = NULL;
uint32_t limit = DEFAULT_LIMIT;
if (conf != NULL) {
s_limit = ConfNodeLookupChildValue(conf, "limit");
if (s_limit != NULL) {
if (ByteExtractStringUint32(&limit, 10, 0, s_limit) == -1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Fail to initialize unified2 output, invalid limit: %s",
s_limit);
exit(EXIT_FAILURE);
}
if (limit < MIN_LIMIT) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Fail to initialize unified2 output, limit less than "
"allowed minimum.");
exit(EXIT_FAILURE);
}
}
}
file_ctx->size_limit = limit * 1024 * 1024;
ret = Unified2AlertOpenFileCtx(file_ctx, filename);
if (ret < 0)
return NULL;
SCLogInfo("Unified2-alert initialized: filename %s, limit %"PRIu32" MB",
filename, limit);
return file_ctx;
}
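Review bot: `DEFAULT_LIMIT` and `MIN_LIMIT` are now defined with identical values in three source files, whereas the `UNIFIED_FILESIZE_LIMIT` removed by this commit was a single definition in output.h. Defining the two macros once in output.h would keep the three unified outputs from drifting apart when the default or minimum changes. The limit-parsing block in Unified2AlertInitCtx is likewise a near-verbatim copy of the one in the other two InitCtx functions. A single shared helper that takes the module name for the log text would mean any later fix to the validation is made once rather than three times. Unified2AlertInitCtx begins outside the hunk.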

@ -9,7 +9,6 @@
#define __OUTPUT_H__
#include "suricata.h"
#define UNIFIED_FILESIZE_LIMIT 10*1024*1024
typedef struct OutputModule_ {
char *name;

@ -21,14 +21,23 @@ outputs:
enabled: yes
filename: unified.log
# Limit in MB.
#limit: 32
- unified-alert:
enabled: yes
filename: unified.alert
# Limit in MB.
#limit: 32
- unified2-alert:
enabled: yes
filename: unified2.alert
# Limit in MB.
#limit: 32
- http-log:
enabled: yes
filename: http.log
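Review bot: The added `# Limit in MB.` comments do not tell the operator the accepted range, although the C code in this commit exits at startup when the value fails to parse or is below 1. A comment such as `# Log file size limit in MB (minimum 1, default 32).` on each of the three outputs would make that visible where the setting is edited.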
