From: Jason Ish <ish@unx.ca>
Date: Wed, 5 Apr 2017 04:21:37 +0000 (-0600)
Subject: eve: log number of events dropped at exit
X-Git-Tag: suricata-4.0.0-beta1~220
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=673549e5cf34188a08d7934b1cafa36f2e3bdeb6;p=thirdparty%2Fsuricata.git

eve: log number of events dropped at exit
---

diff --git a/src/output-json.c b/src/output-json.c
index 7b0a1f99a0..5a457cd504 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -720,6 +720,11 @@ static void OutputJsonDeInitCtx(OutputCtx *output_ctx)
 {
     OutputJsonCtx *json_ctx = (OutputJsonCtx *)output_ctx->data;
     LogFileCtx *logfile_ctx = json_ctx->file_ctx;
+    if (logfile_ctx->dropped) {
+        SCLogWarning(SC_WARN_EVENT_DROPPED,
+                "%"PRIu64" events were dropped due to slow or "
+                "disconnected socket", logfile_ctx->dropped);
+    }
     LogFileFreeCtx(logfile_ctx);
     SCFree(json_ctx);
     SCFree(output_ctx);
diff --git a/src/util-error.c b/src/util-error.c
index 7b7aa7afc3..99b7e55cf7 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -339,6 +339,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_VAR_LIMIT);
         CASE_CODE (SC_WARN_CHMOD);
         CASE_CODE (SC_WARN_LOG_CF_TOO_MANY_NODES);
+        CASE_CODE (SC_WARN_EVENT_DROPPED);
     }
 
     return "UNKNOWN_ERROR";
diff --git a/src/util-error.h b/src/util-error.h
index 85e174abbe..dbafabe100 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -329,6 +329,7 @@ typedef enum {
     SC_WARN_DUPLICATE_OUTPUT,
     SC_WARN_CHMOD,
     SC_WARN_LOG_CF_TOO_MANY_NODES,
+    SC_WARN_EVENT_DROPPED,
 } SCError;
 
 const char *SCErrorToString(SCError);