#include "suricata-common.h"
#include "suricata-plugin.h"
+#include "output-eve.h"
#include "util-mem.h"
#include "util-debug.h"
log-tcp-data.h \
log-tlslog.h \
log-tlsstore.h \
+ output-eve.h \
output-eve-stream.h \
output-eve-null.h \
output-filedata.h \
output-json-template.c \
output-json-tftp.c \
output-json-tls.c \
+ output-eve.c \
output-eve-syslog.c \
output-eve-null.c \
output-lua.c \
#include "output.h" /* DEFAULT_LOG_* */
#include "output-eve-null.h"
+#include "output-eve.h"
#ifdef OS_WIN32
void NullLogInitialize(void)
#include "suricata-common.h" /* errno.h, string.h, etc. */
#include "output.h" /* DEFAULT_LOG_* */
+#include "output-eve.h"
#include "output-eve-syslog.h"
#include "util-syslog.h"
--- /dev/null
+/* Copyright (C) 2024 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#include "output-eve.h"
+#include "util-debug.h"
+
+static TAILQ_HEAD(, SCEveFileType_) output_types = TAILQ_HEAD_INITIALIZER(output_types);
+
+static bool IsBuiltinTypeName(const char *name)
+{
+ const char *builtin[] = {
+ "regular",
+ "unix_dgram",
+ "unix_stream",
+ "redis",
+ NULL,
+ };
+ for (int i = 0;; i++) {
+ if (builtin[i] == NULL) {
+ break;
+ }
+ if (strcmp(builtin[i], name) == 0) {
+ return true;
+ }
+ }
+ return false;
+}
+
+SCEveFileType *SCEveFindFileType(const char *name)
+{
+ SCEveFileType *plugin = NULL;
+ TAILQ_FOREACH (plugin, &output_types, entries) {
+ if (strcmp(name, plugin->name) == 0) {
+ return plugin;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * \brief Register an Eve file type.
+ *
+ * \retval true if registered successfully, false if the file type name
+ * conflicts with a built-in or previously registered
+ * file type.
+ */
+bool SCRegisterEveFileType(SCEveFileType *plugin)
+{
+ /* First check that the name doesn't conflict with a built-in filetype. */
+ if (IsBuiltinTypeName(plugin->name)) {
+ SCLogError("Eve file type name conflicts with built-in type: %s", plugin->name);
+ return false;
+ }
+
+ /* Now check against previously registered file types. */
+ SCEveFileType *existing = NULL;
+ TAILQ_FOREACH (existing, &output_types, entries) {
+ if (strcmp(existing->name, plugin->name) == 0) {
+ SCLogError("Eve file type name conflicts with previously registered type: %s",
+ plugin->name);
+ return false;
+ }
+ }
+
+ SCLogDebug("Registering EVE file type plugin %s", plugin->name);
+ TAILQ_INSERT_TAIL(&output_types, plugin, entries);
+ return true;
+}
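Review bot: SCRegisterEveFileType dereferences `plugin->name` (and passes it to strcmp via IsBuiltinTypeName) without checking that `plugin` or its `name` is non-NULL, and the caller here is plugin code loaded from an external library, so a registration with an unset name crashes inside the registry rather than being rejected. A guard at the top of the function would keep that failure in-band with the existing false return: `if (plugin == NULL || plugin->name == NULL) {` / `SCLogError("Eve file type registration requires a non-NULL name");` / `return false; }`. SCEveFindFileType is the only public function in this file without a doxygen comment; I would add `/** \brief Look up a registered Eve file type by name. \retval the matching SCEveFileType, or NULL if no registered type has that name. */` above it. The builtin name list in IsBuiltinTypeName presumably mirrors what FileTypeFromConf accepts; a comment pointing at that function would help keep the two in sync.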
--- /dev/null
+/* Copyright (C) 2024 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \brief EVE logging subsystem
+ *
+ * This file will attempt to the main module for EVE logging
+ * sub-system. Currently most of the API resides in output-json.[ch],
+ * but due to some circular dependencies between EVE, and LogFileCtx,
+ * it made it hard to add EVE filetype modules there until some
+ * include issues are figured out.
+ */
+
+#ifndef SURICATA_OUTPUT_EVE_H
+#define SURICATA_OUTPUT_EVE_H
+
+#include "suricata-common.h"
+#include "conf.h"
+
+typedef uint32_t ThreadId;
+
+/**
+ * Structure used to define an Eve output file type plugin.
+ */
+typedef struct SCEveFileType_ {
+ /* The name of the output, used to specify the output in the filetype section
+ * of the eve-log configuration. */
+ const char *name;
+ /* Init Called on first access */
+ int (*Init)(ConfNode *conf, bool threaded, void **init_data);
+ /* Write - Called on each write to the object */
+ int (*Write)(const char *buffer, int buffer_len, void *init_data, void *thread_data);
+ /* Close - Called on final close */
+ void (*Deinit)(void *init_data);
+ /* ThreadInit - Called for each thread using file object; non-zero thread_ids correlate
+ * to Suricata's worker threads; 0 correlates to the Suricata main thread */
+ int (*ThreadInit)(void *init_data, ThreadId thread_id, void **thread_data);
+ /* ThreadDeinit - Called for each thread using file object */
+ int (*ThreadDeinit)(void *init_data, void *thread_data);
+ TAILQ_ENTRY(SCEveFileType_) entries;
+} SCEveFileType;
+
+bool SCRegisterEveFileType(SCEveFileType *);
+
+SCEveFileType *SCEveFindFileType(const char *name);
+
+#endif
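Review bot: The file-level brief is missing a verb ("This file will attempt to the main module for EVE logging sub-system") and reads as garbled; I would write it as `This file is intended to become the main module for the EVE logging sub-system.` The header uses TAILQ_ENTRY in SCEveFileType_ but includes only suricata-common.h and conf.h, whereas suricata-plugin.h in this same change gains an explicit `#include "queue.h"`; unless suricata-common.h is known to pull queue.h in, the same explicit include here would make the header self-contained. The comments on the callback members describe when each is called but not the return convention; a line such as `/* All int-returning callbacks return 0 on success, non-zero on failure */` would be worth adding if that is the contract, which the header does not state.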
#include "util-log-redis.h"
#include "util-device.h"
#include "util-validate.h"
-#include "util-plugin.h"
#include "flow-var.h"
#include "flow-bit.h"
#include "source-pcap-file-helper.h"
-#include "suricata-plugin.h"
-
#define DEFAULT_LOG_FILENAME "eve.json"
#define MODULE_NAME "OutputJSON"
enum LogFileType log_filetype = FileTypeFromConf(output_s);
if (log_filetype == LOGFILE_TYPE_NOTSET) {
-#ifdef HAVE_PLUGINS
- SCEveFileType *plugin = SCPluginFindFileType(output_s);
+ SCEveFileType *plugin = SCEveFindFileType(output_s);
if (plugin != NULL) {
log_filetype = LOGFILE_TYPE_PLUGIN;
json_ctx->plugin = plugin;
} else
-#endif
FatalError("Invalid JSON output option: %s", output_s);
}
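Review bot: With the `#ifdef HAVE_PLUGINS` / `#endif` lines removed, the `} else` is now directly followed by an unbraced `FatalError(...)` on its own line, which is exactly the single-statement-without-braces shape that reviewers flag; since the preprocessor split no longer justifies it, it should read `} else {` / `FatalError("Invalid JSON output option: %s", output_s);` / `}`. The assignment `json_ctx->plugin = plugin;` is now compiled unconditionally, so the `plugin` member of the context struct must no longer be guarded by HAVE_PLUGINS; that struct is outside the hunk, so I could not confirm it. The enclosing function starts and ends outside the hunk.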
#include <stdint.h>
#include <stdbool.h>
+#include "queue.h"
+
#include "conf.h"
/**
} SCPlugin;
typedef SCPlugin *(*SCPluginRegisterFunc)(void);
-typedef uint32_t ThreadId;
-
-/**
- * Structure used to define an Eve output file type plugin.
- */
-typedef struct SCEveFileType_ {
- /* The name of the output, used to specify the output in the filetype section
- * of the eve-log configuration. */
- const char *name;
- /* Init Called on first access */
- int (*Init)(ConfNode *conf, bool threaded, void **init_data);
- /* Write - Called on each write to the object */
- int (*Write)(const char *buffer, int buffer_len, void *init_data, void *thread_data);
- /* Close - Called on final close */
- void (*Deinit)(void *init_data);
- /* ThreadInit - Called for each thread using file object; non-zero thread_ids correlate
- * to Suricata's worker threads; 0 correlates to the Suricata main thread */
- int (*ThreadInit)(void *init_data, ThreadId thread_id, void **thread_data);
- /* ThreadDeinit - Called for each thread using file object */
- int (*ThreadDeinit)(void *init_data, void *thread_data);
- TAILQ_ENTRY(SCEveFileType_) entries;
-} SCEveFileType;
-
-bool SCRegisterEveFileType(SCEveFileType *);
typedef struct SCCapturePlugin_ {
char *name;
#endif /* HAVE_LIBHIREDIS */
#include "suricata-plugin.h"
+#include "output-eve.h"
enum LogFileType {
LOGFILE_TYPE_FILE,
#include "suricata-plugin.h"
#include "suricata.h"
#include "runmodes.h"
-#include "output-eve-syslog.h"
#include "util-plugin.h"
#include "util-debug.h"
*/
static TAILQ_HEAD(, PluginListNode_) plugins = TAILQ_HEAD_INITIALIZER(plugins);
-static TAILQ_HEAD(, SCEveFileType_) output_types = TAILQ_HEAD_INITIALIZER(output_types);
-
static TAILQ_HEAD(, SCCapturePlugin_) capture_plugins = TAILQ_HEAD_INITIALIZER(capture_plugins);
bool RegisterPlugin(SCPlugin *plugin, void *lib)
}
}
-static bool IsBuiltinTypeName(const char *name)
-{
- const char *builtin[] = {
- "regular",
- "unix_dgram",
- "unix_stream",
- "redis",
- NULL,
- };
- for (int i = 0;; i++) {
- if (builtin[i] == NULL) {
- break;
- }
- if (strcmp(builtin[i], name) == 0) {
- return true;
- }
- }
- return false;
-}
-
-/**
- * \brief Register an Eve file type.
- *
- * \retval true if registered successfully, false if the file type name
- * conflicts with a built-in or previously registered
- * file type.
- */
-bool SCRegisterEveFileType(SCEveFileType *plugin)
-{
- /* First check that the name doesn't conflict with a built-in filetype. */
- if (IsBuiltinTypeName(plugin->name)) {
- SCLogError("Eve file type name conflicts with built-in type: %s", plugin->name);
- return false;
- }
-
- /* Now check against previously registered file types. */
- SCEveFileType *existing = NULL;
- TAILQ_FOREACH (existing, &output_types, entries) {
- if (strcmp(existing->name, plugin->name) == 0) {
- SCLogError("Eve file type name conflicts with previously registered type: %s",
- plugin->name);
- return false;
- }
- }
-
- SCLogDebug("Registering EVE file type plugin %s", plugin->name);
- TAILQ_INSERT_TAIL(&output_types, plugin, entries);
- return true;
-}
-
-SCEveFileType *SCPluginFindFileType(const char *name)
-{
- SCEveFileType *plugin = NULL;
- TAILQ_FOREACH(plugin, &output_types, entries) {
- if (strcmp(name, plugin->name) == 0) {
- return plugin;
- }
- }
- return NULL;
-}
-
int SCPluginRegisterCapture(SCCapturePlugin *plugin)
{
TAILQ_INSERT_TAIL(&capture_plugins, plugin, entries);
#include "suricata-plugin.h"
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args);
-SCEveFileType *SCPluginFindFileType(const char *name);
SCCapturePlugin *SCPluginFindCaptureByName(const char *name);
bool RegisterPlugin(SCPlugin *, void *);