static int Unified2IPv6TypeAlert(ThreadVars *, const Packet *, void *);
static int Unified2PacketTypeAlert(Unified2AlertThread *, const Packet *, uint32_t, int);
void Unified2RegisterTests(void);
-int Unified2AlertOpenFileCtx(LogFileCtx *, const char *);
+static int Unified2AlertOpenFileCtx(LogFileCtx *, const char *, bool);
static void Unified2AlertDeInitCtx(OutputCtx *);
int Unified2Condition(ThreadVars *tv, const Packet *p);
* \retval 0 on succces
* \retval -1 on failure
*/
-static int Unified2AlertRotateFile(Unified2AlertThread *aun)
+static int Unified2AlertRotateFile(Unified2AlertThread *aun, bool truncate)
{
if (Unified2AlertCloseFile(aun) < 0) {
SCLogError(SC_ERR_UNIFIED2_ALERT_GENERIC,
"Error: Unified2AlertCloseFile failed");
return -1;
}
- if (Unified2AlertOpenFileCtx(aun->unified2alert_ctx->file_ctx,aun->unified2alert_ctx->
- file_ctx->prefix) < 0) {
+ if (Unified2AlertOpenFileCtx(aun->unified2alert_ctx->file_ctx,
+ aun->unified2alert_ctx->file_ctx->prefix, truncate) < 0) {
SCLogError(SC_ERR_UNIFIED2_ALERT_GENERIC,
"Error: Unified2AlertOpenFileCtx, open new log file failed");
return -1;
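Review bot: The new `truncate` parameter of Unified2AlertRotateFile is missing from the doc comment above the signature, which still lists only the two return values. A line such as `\param truncate true when rotating because the size limit was reached; the file is then reopened truncated rather than appended to` would tell callers that passing true discards what is already on disk. The same `\param` line is missing from the comment block of Unified2AlertOpenFileCtx further down. The comment starts and the function body ends outside this hunk.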
static int Unified2IPv6TypeAlert(ThreadVars *t, const Packet *p, void *data)
{
Unified2AlertThread *aun = (Unified2AlertThread *)data;
+ LogFileCtx *file_ctx = aun->unified2alert_ctx->file_ctx;
Unified2AlertFileHeader hdr;
AlertIPv6Unified2 *phdr;
AlertIPv6Unified2 gphdr;
phdr->classification_id = htonl(pa->s->class);
phdr->priority_id = htonl(pa->s->prio);
- SCMutexLock(&aun->unified2alert_ctx->file_ctx->fp_mutex);
- if ((aun->unified2alert_ctx->file_ctx->size_current + length) >
- aun->unified2alert_ctx->file_ctx->size_limit) {
- if (Unified2AlertRotateFile(aun) < 0) {
+ SCMutexLock(&file_ctx->fp_mutex);
+
+ bool truncate = (file_ctx->size_current + length) > file_ctx->size_limit
+ ? true : false;
+ if (truncate || file_ctx->rotation_flag) {
+ if (Unified2AlertRotateFile(aun, truncate) < 0) {
aun->unified2alert_ctx->file_ctx->alerts += i;
- SCMutexUnlock(&aun->unified2alert_ctx->file_ctx->fp_mutex);
+ SCMutexUnlock(&file_ctx->fp_mutex);
return -1;
}
+ file_ctx->rotation_flag = 0;
}
if (Unified2Write(aun) != 1) {
- aun->unified2alert_ctx->file_ctx->alerts += i;
- SCMutexUnlock(&aun->unified2alert_ctx->file_ctx->fp_mutex);
+ file_ctx->alerts += i;
+ SCMutexUnlock(&file_ctx->fp_mutex);
return -1;
}
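Review bot: The `? true : false` on the new `truncate` initialiser is redundant, since the comparison already yields a bool; `bool truncate = (file_ctx->size_current + length) > file_ctx->size_limit;` reads more directly. In this IPv6 function the unchanged line `aun->unified2alert_ctx->file_ctx->alerts += i;` in the rotate-failure branch still uses the long path, while the IPv4 function converts it to `file_ctx->alerts += i;`. The same rotate-or-truncate block now appears in both Unified2IPv6TypeAlert and Unified2IPv4TypeAlert, so a small static helper taking `aun` and `length` would keep the two copies in step. Both function bodies extend beyond the hunks shown.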
static int Unified2IPv4TypeAlert (ThreadVars *tv, const Packet *p, void *data)
{
Unified2AlertThread *aun = (Unified2AlertThread *)data;
+ LogFileCtx *file_ctx = aun->unified2alert_ctx->file_ctx;
Unified2AlertFileHeader hdr;
AlertIPv4Unified2 *phdr;
AlertIPv4Unified2 gphdr;
phdr->priority_id = htonl(pa->s->prio);
/* check and enforce the filesize limit */
- SCMutexLock(&aun->unified2alert_ctx->file_ctx->fp_mutex);
-
- if ((aun->unified2alert_ctx->file_ctx->size_current + length) >
- aun->unified2alert_ctx->file_ctx->size_limit) {
- if (Unified2AlertRotateFile(aun) < 0) {
- aun->unified2alert_ctx->file_ctx->alerts += i;
- SCMutexUnlock(&aun->unified2alert_ctx->file_ctx->fp_mutex);
+ SCMutexLock(&file_ctx->fp_mutex);
+
+ bool truncate = (file_ctx->size_current + length) > file_ctx->size_limit
+ ? true : false;
+ if (truncate || file_ctx->rotation_flag) {
+ if (Unified2AlertRotateFile(aun, truncate) < 0) {
+ file_ctx->alerts += i;
+ SCMutexUnlock(&file_ctx->fp_mutex);
return -1;
}
+ file_ctx->rotation_flag = 0;
}
if (Unified2Write(aun) != 1) {
- aun->unified2alert_ctx->file_ctx->alerts += i;
- SCMutexUnlock(&aun->unified2alert_ctx->file_ctx->fp_mutex);
+ file_ctx->alerts += i;
+ SCMutexUnlock(&file_ctx->fp_mutex);
return -1;
}
LogFileCtx* file_ctx = NULL;
OutputCtx* output_ctx = NULL;
HttpXFFCfg *xff_cfg = NULL;
+ int nostamp = 0;
file_ctx = LogFileNewCtx();
if (file_ctx == NULL) {
exit(EXIT_FAILURE);
}
}
+
+ if (ConfGetChildValueBool(conf, "nostamp", &nostamp)) {
+ if (nostamp) {
+ SCLogConfig("Disabling unified2 timestamp.");
+ file_ctx->nostamp = true;
+ }
+ }
}
uint32_t flags = UNIFIED2_ALERT_FLAGS_EMIT_PACKET;
}
}
- ret = Unified2AlertOpenFileCtx(file_ctx, filename);
+ ret = Unified2AlertOpenFileCtx(file_ctx, filename, false);
if (ret < 0)
goto error;
+ /* Only register for file rotation if theout is non-timestamped. */
+ if (nostamp) {
+ OutputRegisterFileRotationFlag(&file_ctx->rotation_flag);
+ }
+
output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL))
goto error;
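Review bot: `OutputRegisterFileRotationFlag(&file_ctx->rotation_flag)` runs before the `SCCalloc` of `output_ctx`, so a failed allocation jumps to `error` with the flag pointer still registered. The `error` label is outside this hunk; if it releases `file_ctx`, a later rotation request would write through a stale pointer. Either move the registration after the last step that can fail, or call `OutputUnregisterFileRotationFlag(&file_ctx->rotation_flag)` on the error path. The added comment also has a typo, `theout` for `the output`.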
* \param prefix Prefix of the log file.
* \return -1 if failure, 0 if succesful
* */
-int Unified2AlertOpenFileCtx(LogFileCtx *file_ctx, const char *prefix)
+static int Unified2AlertOpenFileCtx(LogFileCtx *file_ctx, const char *prefix,
+ bool truncate)
{
int ret = 0;
char *filename = NULL;
char *log_dir;
log_dir = ConfigGetLogDirectory();
- snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32, log_dir, prefix, (uint32_t)ts.tv_sec);
+ if (file_ctx->nostamp) {
+ snprintf(filename, PATH_MAX, "%s/%s", log_dir, prefix);
+ } else {
+ snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32, log_dir, prefix, (uint32_t)ts.tv_sec);
+ }
- file_ctx->fp = fopen(filename, "ab");
+ if (truncate) {
+ file_ctx->fp = fopen(filename, "wb");
+ } else {
+ file_ctx->fp = fopen(filename, "ab");
+ }
if (file_ctx->fp == NULL) {
SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", filename,
strerror(errno));
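Review bot: `fopen(filename, "wb")` is taken whenever `truncate` is true, regardless of `file_ctx->nostamp`, so a size-limit rotation with timestamped names now truncates where it used to append. `ts` is filled in outside this hunk; if two rotations can land in the same second the name repeats and the records just written are discarded, whereas the old `"ab"` kept them. Restricting the branch with `if (truncate && file_ctx->nostamp)` keeps the previous behaviour for stamped files. In nostamp mode the truncation drops every alert a reader has not yet consumed, which deserves a comment here and a mention in the documentation of the `nostamp` option. The `snprintf` results are also unchecked, so an over-long `log_dir` or `prefix` silently yields a shortened path.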
TimeSetIncrementTime(1);
- ret = Unified2AlertRotateFile(data);
+ ret = Unified2AlertRotateFile(data, false);
if (ret == -1)
goto error;