From: Jeff Lucovsky Date: Tue, 10 Oct 2023 12:02:12 +0000 (-0400) Subject: output/null: Add the null output device X-Git-Tag: suricata-8.0.0-beta1~2087 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad96382cf236d8c2e5c053fd56f83833c0926087;p=thirdparty%2Fsuricata.git output/null: Add the null output device This commit adds the null output device; to use, set the filetype to "nullsink" for each output that should discard and never persist logs/alerts/etc. This is implemented as an "internal eve output plugin" just like the syslog eve output type.
---
diff --git a/src/Makefile.am b/src/Makefile.am
index c5b2fe52e8..8f6d9ced99 100755
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -386,6 +386,7 @@ noinst_HEADERS = \
 log-tlslog.h \
 log-tlsstore.h \
 output-eve-stream.h \
+ output-eve-null.h \
 output-filedata.h \
 output-file.h \
 output-filestore.h \
@@ -1039,6 +1040,7 @@ libsuricata_c_a_SOURCES = \
 output-json-tftp.c \
 output-json-tls.c \
 output-eve-syslog.c \
+ output-eve-null.c \
 output-lua.c \
 output-packet.c \
 output-stats.c \
diff --git a/src/output-eve-null.c b/src/output-eve-null.c
new file mode 100644
index 0000000000..1b62b96b36
--- /dev/null
+++ b/src/output-eve-null.c
@@ -0,0 +1,85 @@
+/* Copyright (C) 2023 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Jeff Lucovsky
+ *
+ * File-like output for logging: null/discard device
+ */
+
+#include "suricata-common.h" /* errno.h, string.h, etc. */
+
+#include "output.h" /* DEFAULT_LOG_* */
+#include "output-eve-null.h"
+
+#ifdef OS_WIN32
+void NullLogInitialize(void)
+{
+}
+#else /* !OS_WIN32 */
+
+#define OUTPUT_NAME "nullsink"
+
+static int NullLogInit(ConfNode *conf, bool threaded, void **init_data)
+{
+ *init_data = NULL;
+ return 0;
+}
+
+static int NullLogWrite(const char *buffer, int buffer_len, void *init_data, void *thread_data)
+{
+ return 0;
+}
+
+static int NullLogThreadInit(void *init_data, int thread_id, void **thread_data)
+{
+ *thread_data = NULL;
+ return 0;
+}
+
+static int NullLogThreadDeInit(void *init_data, void *thread_data)
+{
+ return 0;
+}
+
+static void NullLogDeInit(void *init_data)
+{
+}
+
+void NullLogInitialize(void)
+{
+ SCLogDebug("Registering the %s logger", OUTPUT_NAME);
+
+ SCEveFileType *file_type = SCCalloc(1, sizeof(SCEveFileType));
+
+ if (file_type == NULL) {
+ FatalError("Unable to allocate memory for eve file type %s", OUTPUT_NAME);
+ }
+
+ file_type->name = OUTPUT_NAME;
+ file_type->Init = NullLogInit;
+ file_type->Deinit = NullLogDeInit;
+ file_type->Write = NullLogWrite;
+ file_type->ThreadInit = NullLogThreadInit;
+ file_type->ThreadDeinit = NullLogThreadDeInit;
+ if (!SCRegisterEveFileType(file_type)) {
+ FatalError("Failed to register EVE file type: %s", OUTPUT_NAME);
+ }
+}
+#endif /* !OS_WIN32 */
diff --git a/src/output-eve-null.h b/src/output-eve-null.h
new file mode 100644
index 0000000000..9fd331347f
--- /dev/null
+++ b/src/output-eve-null.h
@@ -0,0 +1,25 @@
+/* Copyright (C) 2023 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Jeff Lucovsky
+ *
+ * File-like output for logging: null/discard device
+ */
+void NullLogInitialize(void);
diff --git a/src/output-json.c b/src/output-json.c
index 5d4255cd28..1dd2f948ab 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -47,7 +47,10 @@
 #include "app-layer-parser.h"
 #include "util-classification-config.h"
 #include "util-syslog.h"
+
+/* Internal output plugins */
 #include "output-eve-syslog.h"
+#include "output-eve-null.h"
 #include "output.h"
 #include "output-json.h"
@@ -98,6 +101,7 @@ void OutputJsonRegister (void)
 // Register output file types that use the new eve filetype registration
 // API.
 SyslogInitialize();
+ NullLogInitialize();
 }
 json_t *SCJsonString(const char *val)
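Review bot: In src/output-eve-null.c, `NullLogInit` accepts the configuration without logging anything, and the only message in the file is the `SCLogDebug` at registration, so an output whose filetype is "nullsink" discards every alert and log record with no trace in the engine's own startup messages. A discarded alert stream looks the same as a quiet network, so I would log once from `NullLogInit`, e.g. `SCLogNotice("eve output filetype %s: all records will be discarded", OUTPUT_NAME);`, which makes an accidental or unauthorized config change visible to whoever reviews the startup log. Separately, the `#ifdef OS_WIN32` stub leaves the type unregistered on Windows although nothing in this file is platform-specific; the guard looks inherited from the syslog plugin and could probably be dropped.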
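Review bot: The new header src/output-eve-null.h has no include guard around `void NullLogInitialize(void);`. A repeated prototype is harmless today, but the first type or macro added to this header later would break on double inclusion. I would wrap the declaration in `#ifndef SURICATA_OUTPUT_EVE_NULL_H` / `#define SURICATA_OUTPUT_EVE_NULL_H` ... `#endif`, with the guard name adjusted to whatever scheme the neighbouring output headers follow.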