]> git.ipfire.org Git - people/ms/suricata.git/blob - src/output-json-stats.c
projects / people / ms / suricata.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
stats: use unshortened interface names in counters
[people/ms/suricata.git] / src / output-json-stats.c
1 /* Copyright (C) 2014 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18 /**
19 * \file
20 *
21 * \author Tom DeCanio <td@npulsetech.com>
22 *
23 * Implements JSON stats counters logging portion of the engine.
24 */
25
26 #include "suricata-common.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "pkt-var.h"
30 #include "conf.h"
31
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35
36 #include "util-print.h"
37 #include "util-unittest.h"
38
39 #include "util-debug.h"
40 #include "output.h"
41 #include "util-privs.h"
42 #include "util-buffer.h"
43
44 #include "util-logopenfile.h"
45 #include "util-crypt.h"
46
47 #include "output-json.h"
48 #include "output-json-stats.h"
49
50 #define MODULE_NAME "JsonStatsLog"
51
52 #ifdef HAVE_LIBJANSSON
53
54 typedef struct OutputStatsCtx_ {
55 LogFileCtx *file_ctx;
56 uint32_t flags; /** Store mode */
57 } OutputStatsCtx;
58
59 typedef struct JsonStatsLogThread_ {
60 OutputStatsCtx *statslog_ctx;
61 MemBuffer *buffer;
62 } JsonStatsLogThread;
63
64 static json_t *OutputStats2Json(json_t *js, const char *key)
65 {
66 void *iter;
67
68 const char *dot = index(key, '.');
69 if (dot == NULL)
70 return NULL;
71 if (strlen(dot) > 2) {
72 if (*(dot + 1) == '.' && *(dot + 2) != '\0')
73 dot = index(dot + 2, '.');
74 }
75
76 size_t predot_len = (dot - key) + 1;
77 char s[predot_len];
78 strlcpy(s, key, predot_len);
79
80 iter = json_object_iter_at(js, s);
81 const char *s2 = index(dot+1, '.');
82
83 json_t *value = json_object_iter_value(iter);
84 if (value == NULL) {
85 value = json_object();
86 json_object_set_new(js, s, value);
87 }
88 if (s2 != NULL) {
89 return OutputStats2Json(value, &key[dot-key+1]);
90 }
91 return value;
92 }
93
94 /** \brief turn StatsTable into a json object
95 * \param flags JSON_STATS_* flags for controlling output
96 */
97 json_t *StatsToJSON(const StatsTable *st, uint8_t flags)
98 {
99 const char delta_suffix[] = "_delta";
100 struct timeval tval;
101 gettimeofday(&tval, NULL);
102
103 json_t *js_stats = json_object();
104 if (unlikely(js_stats == NULL)) {
105 return NULL;
106 }
107
108 /* Uptime, in seconds. */
109 double up_time_d = difftime(tval.tv_sec, st->start_time);
110 json_object_set_new(js_stats, "uptime",
111 json_integer((int)up_time_d));
112
113 uint32_t u = 0;
114 if (flags & JSON_STATS_TOTALS) {
115 for (u = 0; u < st->nstats; u++) {
116 if (st->stats[u].name == NULL)
117 continue;
118 const char *name = st->stats[u].name;
119 const char *shortname = name;
120 if (rindex(name, '.') != NULL) {
121 shortname = &name[rindex(name, '.') - name + 1];
122 }
123 json_t *js_type = OutputStats2Json(js_stats, name);
124 if (js_type != NULL) {
125 json_object_set_new(js_type, shortname,
126 json_integer(st->stats[u].value));
127
128 if (flags & JSON_STATS_DELTAS) {
129 char deltaname[strlen(shortname) + strlen(delta_suffix) + 1];
130 snprintf(deltaname, sizeof(deltaname), "%s%s", shortname,
131 delta_suffix);
132 json_object_set_new(js_type, deltaname,
133 json_integer(st->stats[u].value - st->stats[u].pvalue));
134 }
135 }
136 }
137 }
138
139 /* per thread stats - stored in a "threads" object. */
140 if (st->tstats != NULL && (flags & JSON_STATS_THREADS)) {
141 /* for each thread (store) */
142 json_t *threads = json_object();
143 if (unlikely(threads == NULL)) {
144 json_decref(js_stats);
145 return NULL;
146 }
147 uint32_t x;
148 for (x = 0; x < st->ntstats; x++) {
149 uint32_t offset = x * st->nstats;
150
151 /* for each counter */
152 for (u = offset; u < (offset + st->nstats); u++) {
153 if (st->tstats[u].name == NULL)
154 continue;
155
156 char str[256];
157 snprintf(str, sizeof(str), "%s.%s", st->tstats[u].tm_name, st->tstats[u].name);
158 char *shortname = &str[rindex(str, '.') - str + 1];
159 json_t *js_type = OutputStats2Json(threads, str);
160
161 if (js_type != NULL) {
162 json_object_set_new(js_type, shortname, json_integer(st->tstats[u].value));
163
164 if (flags & JSON_STATS_DELTAS) {
165 char deltaname[strlen(shortname) + strlen(delta_suffix) + 1];
166 snprintf(deltaname, sizeof(deltaname), "%s%s",
167 shortname, delta_suffix);
168 json_object_set_new(js_type, deltaname,
169 json_integer(st->tstats[u].value - st->tstats[u].pvalue));
170 }
171 }
172 }
173 }
174 json_object_set_new(js_stats, "threads", threads);
175 }
176 return js_stats;
177 }
178
179 static int JsonStatsLogger(ThreadVars *tv, void *thread_data, const StatsTable *st)
180 {
181 SCEnter();
182 JsonStatsLogThread *aft = (JsonStatsLogThread *)thread_data;
183
184 struct timeval tval;
185 gettimeofday(&tval, NULL);
186
187 json_t *js = json_object();
188 if (unlikely(js == NULL))
189 return 0;
190 char timebuf[64];
191 CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
192 json_object_set_new(js, "timestamp", json_string(timebuf));
193 json_object_set_new(js, "event_type", json_string("stats"));
194
195 json_t *js_stats = StatsToJSON(st, aft->statslog_ctx->flags);
196 if (js_stats == NULL) {
197 json_decref(js);
198 return 0;
199 }
200
201 json_object_set_new(js, "stats", js_stats);
202
203 OutputJSONBuffer(js, aft->statslog_ctx->file_ctx, &aft->buffer);
204 MemBufferReset(aft->buffer);
205
206 json_object_clear(js_stats);
207 json_object_del(js, "stats");
208 json_object_clear(js);
209 json_decref(js);
210
211 SCReturnInt(0);
212 }
213
214 #define OUTPUT_BUFFER_SIZE 65535
215 static TmEcode JsonStatsLogThreadInit(ThreadVars *t, const void *initdata, void **data)
216 {
217 JsonStatsLogThread *aft = SCMalloc(sizeof(JsonStatsLogThread));
218 if (unlikely(aft == NULL))
219 return TM_ECODE_FAILED;
220 memset(aft, 0, sizeof(JsonStatsLogThread));
221
222 if(initdata == NULL)
223 {
224 SCLogDebug("Error getting context for EveLogStats. \"initdata\" argument NULL");
225 SCFree(aft);
226 return TM_ECODE_FAILED;
227 }
228
229 /* Use the Ouptut Context (file pointer and mutex) */
230 aft->statslog_ctx = ((OutputCtx *)initdata)->data;
231
232 aft->buffer = MemBufferCreateNew(OUTPUT_BUFFER_SIZE);
233 if (aft->buffer == NULL) {
234 SCFree(aft);
235 return TM_ECODE_FAILED;
236 }
237
238 *data = (void *)aft;
239 return TM_ECODE_OK;
240 }
241
242 static TmEcode JsonStatsLogThreadDeinit(ThreadVars *t, void *data)
243 {
244 JsonStatsLogThread *aft = (JsonStatsLogThread *)data;
245 if (aft == NULL) {
246 return TM_ECODE_OK;
247 }
248
249 MemBufferFree(aft->buffer);
250
251 /* clear memory */
252 memset(aft, 0, sizeof(JsonStatsLogThread));
253
254 SCFree(aft);
255 return TM_ECODE_OK;
256 }
257
258 static void OutputStatsLogDeinit(OutputCtx *output_ctx)
259 {
260
261 OutputStatsCtx *stats_ctx = output_ctx->data;
262 LogFileCtx *logfile_ctx = stats_ctx->file_ctx;
263 LogFileFreeCtx(logfile_ctx);
264 SCFree(stats_ctx);
265 SCFree(output_ctx);
266 }
267
268 #define DEFAULT_LOG_FILENAME "stats.json"
269 static OutputCtx *OutputStatsLogInit(ConfNode *conf)
270 {
271 LogFileCtx *file_ctx = LogFileNewCtx();
272 if(file_ctx == NULL) {
273 SCLogError(SC_ERR_STATS_LOG_GENERIC, "couldn't create new file_ctx");
274 return NULL;
275 }
276
277 if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
278 LogFileFreeCtx(file_ctx);
279 return NULL;
280 }
281
282 OutputStatsCtx *stats_ctx = SCMalloc(sizeof(OutputStatsCtx));
283 if (unlikely(stats_ctx == NULL)) {
284 LogFileFreeCtx(file_ctx);
285 return NULL;
286 }
287 stats_ctx->flags = JSON_STATS_TOTALS;
288
289 if (conf != NULL) {
290 const char *totals = ConfNodeLookupChildValue(conf, "totals");
291 const char *threads = ConfNodeLookupChildValue(conf, "threads");
292 const char *deltas = ConfNodeLookupChildValue(conf, "deltas");
293 SCLogDebug("totals %s threads %s deltas %s", totals, threads, deltas);
294
295 if (totals != NULL && ConfValIsFalse(totals)) {
296 stats_ctx->flags &= ~JSON_STATS_TOTALS;
297 }
298 if (threads != NULL && ConfValIsTrue(threads)) {
299 stats_ctx->flags |= JSON_STATS_THREADS;
300 }
301 if (deltas != NULL && ConfValIsTrue(deltas)) {
302 stats_ctx->flags |= JSON_STATS_DELTAS;
303 }
304 SCLogDebug("stats_ctx->flags %08x", stats_ctx->flags);
305 }
306
307 OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
308 if (unlikely(output_ctx == NULL)) {
309 LogFileFreeCtx(file_ctx);
310 SCFree(stats_ctx);
311 return NULL;
312 }
313
314 stats_ctx->file_ctx = file_ctx;
315
316 output_ctx->data = stats_ctx;
317 output_ctx->DeInit = OutputStatsLogDeinit;
318
319 return output_ctx;
320 }
321
322 static void OutputStatsLogDeinitSub(OutputCtx *output_ctx)
323 {
324 OutputStatsCtx *stats_ctx = output_ctx->data;
325 SCFree(stats_ctx);
326 SCFree(output_ctx);
327 }
328
329 static OutputCtx *OutputStatsLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
330 {
331 AlertJsonThread *ajt = parent_ctx->data;
332
333 OutputStatsCtx *stats_ctx = SCMalloc(sizeof(OutputStatsCtx));
334 if (unlikely(stats_ctx == NULL))
335 return NULL;
336
337 stats_ctx->flags = JSON_STATS_TOTALS;
338
339 if (conf != NULL) {
340 const char *totals = ConfNodeLookupChildValue(conf, "totals");
341 const char *threads = ConfNodeLookupChildValue(conf, "threads");
342 const char *deltas = ConfNodeLookupChildValue(conf, "deltas");
343 SCLogDebug("totals %s threads %s deltas %s", totals, threads, deltas);
344
345 if ((totals != NULL && ConfValIsFalse(totals)) &&
346 (threads != NULL && ConfValIsFalse(threads))) {
347 SCFree(stats_ctx);
348 SCLogError(SC_ERR_JSON_STATS_LOG_NEGATED,
349 "Cannot disable both totals and threads in stats logging");
350 return NULL;
351 }
352
353 if (totals != NULL && ConfValIsFalse(totals)) {
354 stats_ctx->flags &= ~JSON_STATS_TOTALS;
355 }
356 if (threads != NULL && ConfValIsTrue(threads)) {
357 stats_ctx->flags |= JSON_STATS_THREADS;
358 }
359 if (deltas != NULL && ConfValIsTrue(deltas)) {
360 stats_ctx->flags |= JSON_STATS_DELTAS;
361 }
362 SCLogDebug("stats_ctx->flags %08x", stats_ctx->flags);
363 }
364
365 OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
366 if (unlikely(output_ctx == NULL)) {
367 SCFree(stats_ctx);
368 return NULL;
369 }
370
371 stats_ctx->file_ctx = ajt->file_ctx;
372
373 output_ctx->data = stats_ctx;
374 output_ctx->DeInit = OutputStatsLogDeinitSub;
375
376 return output_ctx;
377 }
378
379 void JsonStatsLogRegister(void) {
380 /* register as separate module */
381 OutputRegisterStatsModule(LOGGER_JSON_STATS, MODULE_NAME, "stats-json",
382 OutputStatsLogInit, JsonStatsLogger, JsonStatsLogThreadInit,
383 JsonStatsLogThreadDeinit, NULL);
384
385 /* also register as child of eve-log */
386 OutputRegisterStatsSubModule(LOGGER_JSON_STATS, "eve-log", MODULE_NAME,
387 "eve-log.stats", OutputStatsLogInitSub, JsonStatsLogger,
388 JsonStatsLogThreadInit, JsonStatsLogThreadDeinit, NULL);
389 }
390
391 #else
392
393 void JsonStatsLogRegister (void)
394 {
395 }
396
397 #endif
Michael's tree of suricata