output: default output format

Add a separate default for file output.

diff --git a/src/util-debug.c b/src/util-debug.c
index 507bcbb0dcbb5d19e6dd9e5095d1755de967412a..c26710c6343d9deefb4cae442810064fbc261470 100644 (file)
--- a/src/util-debug.c
+++ b/src/util-debug.c
@@ -1046,11 +1046,16 @@ SCLogLevel SCLogGetLogLevel(void)
     return sc_log_global_log_level;
 }
 
-static inline const char *SCLogGetDefaultLogFormat(void)
+static inline const char *SCLogGetDefaultLogFormat(const SCLogLevel lvl)
 {
     const char *prog_ver = GetProgramVersion();
     if (strstr(prog_ver, "RELEASE") != NULL) {
-        return SC_LOG_DEF_LOG_FORMAT_REL;
+        if (lvl <= SC_LOG_NOTICE)
+            return SC_LOG_DEF_LOG_FORMAT_REL;
+        else if (lvl <= SC_LOG_INFO)
+            return SC_LOG_DEF_LOG_FORMAT_RELV;
+        else if (lvl <= SC_LOG_PERF)
+            return SC_LOG_DEF_LOG_FORMAT_RELVV;
     }
     return SC_LOG_DEF_LOG_FORMAT_DEV;
 }
@@ -1076,7 +1081,7 @@ static inline void SCLogSetLogFormat(SCLogInitData *sc_lid, SCLogConfig *sc_lc)
 
     /* deal with the global log format to be used */
     if (format == NULL || strlen(format) > SC_LOG_MAX_LOG_FORMAT_LEN) {
-        format = SCLogGetDefaultLogFormat();
+        format = SCLogGetDefaultLogFormat(sc_lc->log_level);
 #ifndef UNITTESTS
         if (sc_lid != NULL) {
             printf("Warning: Invalid/No global_log_format supplied by user or format "
@@ -1440,7 +1445,7 @@ void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
     }
 
     if (ConfGet("logging.default-log-format", &sc_lid->global_log_format) != 1)
-        sc_lid->global_log_format = SCLogGetDefaultLogFormat();
+        sc_lid->global_log_format = SCLogGetDefaultLogFormat(sc_lid->global_log_level);
 
     (void)ConfGet("logging.default-output-filter", &sc_lid->op_filter);
 
@@ -1470,11 +1475,7 @@ void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
             }
         }
 
-        /* if available use the log format setting for this output,
-         * otherwise fall back to the global setting. */
         format = ConfNodeLookupChildValue(output, "format");
-        if (format == NULL)
-            format = sc_lid->global_log_format;
 
         level_s = ConfNodeLookupChildValue(output, "level");
         if (level_s != NULL) {
@@ -1493,6 +1494,10 @@ void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
             op_iface_ctx = SCLogInitConsoleOPIface(format, level, type);
         }
         else if (strcmp(output->name, "file") == 0) {
+            if (format == NULL) {
+                format = SC_LOG_DEF_FILE_FORMAT;
+            }
+
             const char *filename = ConfNodeLookupChildValue(output, "filename");
             if (filename == NULL) {
                 FatalError("Logging to file requires a filename");
@@ -1528,9 +1533,7 @@ void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
             op_iface_ctx = SCLogInitSyslogOPIface(facility, format, level, type);
         }
         else {
-            SCLogWarning("Invalid logging method: %s, "
-                         "ignoring",
-                    output->name);
+            SCLogWarning("invalid logging method: %s, ignoring", output->name);
         }
         if (op_iface_ctx != NULL) {
             SCLogAppendOPIfaceCtx(op_iface_ctx, sc_lid);
@@ -1538,9 +1541,9 @@ void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
     }
 
     if (daemon && (have_logging == 0)) {
-        SCLogError("NO logging compatible with daemon mode selected,"
-                   " suricata won't be able to log. Please update "
-                   " 'logging.outputs' in the YAML.");
+        SCLogWarning("no logging compatible with daemon mode selected,"
+                     " suricata won't be able to log. Please update "
+                     " 'logging.outputs' in the YAML.");
     }
 
     /* Set the global log level to that of the max level used. */
@@ -1626,7 +1629,8 @@ static int SCLogTestInit01(void)
     FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
                SC_LOG_DEF_LOG_OP_IFACE == sc_log_config->op_ifaces->iface);
     FAIL_IF_NOT(sc_log_config->log_format != NULL &&
-               strcmp(SCLogGetDefaultLogFormat(), sc_log_config->log_format) == 0);
+                strcmp(SCLogGetDefaultLogFormat(sc_log_config->log_level),
+                        sc_log_config->log_format) == 0);
 
     SCLogDeInitLogModule();
 
@@ -1679,7 +1683,8 @@ static int SCLogTestInit02(void)
                sc_log_config->op_ifaces->next != NULL &&
                SC_LOG_OP_IFACE_CONSOLE == sc_log_config->op_ifaces->next->iface);
     FAIL_IF_NOT(sc_log_config->log_format != NULL &&
-               strcmp(SCLogGetDefaultLogFormat(), sc_log_config->log_format) == 0);
+                strcmp(SCLogGetDefaultLogFormat(sc_log_config->log_level),
+                        sc_log_config->log_format) == 0);
     FAIL_IF_NOT(sc_log_config->op_ifaces != NULL &&
                sc_log_config->op_ifaces->log_format != NULL &&
                strcmp("%m - %d", sc_log_config->op_ifaces->log_format) == 0);

diff --git a/src/util-debug.h b/src/util-debug.h
index 3d42a1ba099a3fb12c095d45e9dd79de2daf390c..d56ea61cd80400499bd4167c5fca14ee64bae7b5 100644 (file)
--- a/src/util-debug.h
+++ b/src/util-debug.h
@@ -74,11 +74,14 @@ typedef enum {
 } SCLogOPType;
 
 /* The default log_format, if it is not supplied by the user */
-#define SC_LOG_DEF_LOG_FORMAT_REL "%t [%S] - <%d> - "
+#define SC_LOG_DEF_FILE_FORMAT      "[%i - %m] %t %d: %S: "
+#define SC_LOG_DEF_LOG_FORMAT_REL   "%D: %S: "
+#define SC_LOG_DEF_LOG_FORMAT_RELV  "%d: %S: "
+#define SC_LOG_DEF_LOG_FORMAT_RELVV "[%i] %d: %S: "
 #ifdef DEBUG
-#define SC_LOG_DEF_LOG_FORMAT_DEV "[%i] %t [%S] - (%f:%l) <%d> (%n) -- %E"
+#define SC_LOG_DEF_LOG_FORMAT_DEV "[%f:%l] %d: %S: "
 #else
-#define SC_LOG_DEF_LOG_FORMAT_DEV "[%i] %t [%S] - <%d> -- %E"
+#define SC_LOG_DEF_LOG_FORMAT_DEV "[%f:%l] %d: %S: "
 #endif
 
 /* The maximum length of the log message */