Pull request #4110: appid: Lua logging doc update

Merge in SNORT/snort3 from ~OSTEPANO/snort3:lua_os_doc to master

Squashed commit of the following:

commit 66d83304b0e7fefb4cde191f640c2ee9de0a1fb4
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Thu Nov 23 10:45:35 2023 -0500

    appid: Lua logging doc update

diff --git a/src/network_inspectors/appid/dev_notes.txt b/src/network_inspectors/appid/dev_notes.txt
index 9972064116e7cbddd21abc7e6c7acaca9f21ddbe..3791b13a7a8f7c1e3e0dc4c453d5fd72b5b6d536 100644 (file)
--- a/src/network_inspectors/appid/dev_notes.txt
+++ b/src/network_inspectors/appid/dev_notes.txt
@@ -154,4 +154,10 @@ for the first packet. If there's an entry in the cache, the found appids are ass
 further discovery is carried out on the incoming traffic.
 Here, there could be two scenarios, if the reinspection flag is enabled, discovery process is further continued and 
 appids found on first packet may or may not change, else if it is disabled, the discovery is stopped at the first packet itself 
-and appids remains the same for this entire session. 
\ No newline at end of file
+and appids remains the same for this entire session. 
+
+LUA detectors can log messages at any point within their workflow ( e.g initialisation, deinitialisation and packet processing ) through
+snort via the detector_log_snort_message ( LUA cLog ) API. This function requires 2 arguments - log_level and message.
+The log_level argument tells snort what information needs to be logged. LUA_LOG_TRACE corresponds to packet-centric logging and
+thus instructs snort to attempt to add packet 5-tuple information to the log messages. Control logic should use the LUA_LOG_INFO log_level to
+log messages at a higher urgency and without packet information. Packet processing log should use LUA_LOG_TRACE instead, as described above.