mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
497575d38e
When running on a TILEncore-Gx PCIe card, setting the filetype of fast.log to pcie, will open a connection over PCIe to a host application caleld tile-pcie-logd, that receives the alert strings and writes them to a file on the host. The file name to open is also passed over the PCIe link. This allows running Suricata on the TILEncore-Gx PCIe card, but have the alerts logged to the host system's file system efficiently. The PCIe API that is used is the Tilera Packet Queue (PQ) API which can access PCIe from User Space, thus avoiding system calls. Created util-logopenfile-tile.c and util-logopen-tile.h for the TILE specific PCIe logging functionality. Using Write() and Close() function pointers in LogFileCtx, which default to standard write and close for files and sockets, but are changed to PCIe write and close functions when a PCIe channel is openned for logging. Moved Logging contex out of tm-modules.h into util-logopenfile.h, where it makes more sense. This required including util-logopenfile.h into a couple of alert-*.c files, which previously were getting the definitions from tm-modules.h. The source and Makefile for tile-pcie-logd are added in contrib/tile-pcie-logd. By default, the file name for fast.log specified in suricata.yaml is used as the filename on the host. An optional argument to tile-pcie-logd, --prefix=, can be added to prepend the supplied file path. For example, is the file in suricata.yaml is specified as "/var/log/fast.log" and --prefix="/tmp", then the file will be written to "/tmp/var/log/fast.log". Check for TILERA_ROOT environment variable before building tile_pcie_logd Building tile_pcie_logd on x86 requires the Tilera MDE for its PCIe libraries and API header files. Configure now checs for TILERA_ROOT before enabling builing tile_pcie_logd in contrib/tile_pcie_logd |
11 years ago | |
|---|---|---|
| .. | ||
| LICENSE | 11 years ago | |
| Makefile.am | 11 years ago | |
| README | 11 years ago | |
| tile_pcie_logd.c | 11 years ago | |
README
Introduction ------------ This application allows writing files to an x86 host from a TILEncore-Gx PCIe card. The file name and data are sent over PCIe using the Tilera Packet Queue API from an aplication running on the Tilera processor. The original purpose is to write log files from Suricata (Intrusion Dectection System) on the x86 host's file system. Running The Logger ------------------ To run the application, set the TILERA_ROOT environment variable to point to a valide Tilera MDE, then do: make run The application should be started before the application on the Tile side that will be generating the log data. By default, queue number 0 is used. The --queue_index=N command line argument can be used to change the queue number. If more than one TILEncore-Gx PCIe card is installed, the --card=M argument changes to listening to card M. Caveats ------- Due to the fact that the host driver allocates 4MB physically contiguous memory for the packet queue ring buffer, it is possible that this allocation could fail on a host whose memory has been considerably fragmented. If the host program exits with the following error, reboot the host and run the test again. Host: Failed to open '/dev/tilegxpci%d/packet_queue/t2h/0': Cannot allocate memory