From: Jeff Lucovsky Date: Wed, 14 Apr 2021 12:47:52 +0000 (-0400) Subject: log: Add module and subsystem identifiers to log X-Git-Tag: suricata-7.0.0-rc1~220 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8474344cdd00e3d128ffc3ec6d7e465bbe2894d;p=thirdparty%2Fsuricata.git log: Add module and subsystem identifiers to log Issue: 2497 This changeset provides subsystem and module identifiers in the log when the log format string contains "%S". By convention, the log format surrounds "%S" with brackets. The subsystem name is generally the same as the thread name. The module name is derived from the source code module name and usually consists of the first one or 2 segments of the name using the dash character as the segment delimiter. --- diff --git a/configure.ac b/configure.ac index 9989ca78ff..95775e80a7 100644 --- a/configure.ac +++ b/configure.ac @@ -2454,6 +2454,9 @@ if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${ AC_DEFINE([CAPTURE_OFFLOAD], [1],[Building flow capture bypass code]) fi +# Add diagnostic filename +CPPFLAGS="${CPPFLAGS} -D__SCFILENAME__=\\\"\$(*F)\\\"" + AC_SUBST(CFLAGS) AC_SUBST(LDFLAGS) AC_SUBST(CPPFLAGS) diff --git a/etc/schema.json b/etc/schema.json index baeb6b964d..962161d301 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -1371,6 +1371,12 @@ }, "message": { "type": "string" + }, + "thread_name": { + "type": "string" + }, + "module": { + "type": "string" } }, "additionalProperties": false diff --git a/rust/src/core.rs b/rust/src/core.rs index 9f0dd9bd67..d07c172bdc 100644 --- a/rust/src/core.rs +++ b/rust/src/core.rs @@ -129,6 +129,7 @@ pub type SCLogMessageFunc = filename: *const std::os::raw::c_char, line: std::os::raw::c_uint, function: *const std::os::raw::c_char, + subsystem: *const std::os::raw::c_char, message: *const std::os::raw::c_char) -> std::os::raw::c_int; pub type DetectEngineStateFreeFunc = diff --git a/rust/src/log.rs b/rust/src/log.rs index 7dc881257f..cc95a6bb88 100644 --- a/rust/src/log.rs +++ b/rust/src/log.rs @@ -71,10 +71,12 @@ pub fn sclog(level: Level, file: &str, line: u32, function: &str, message: &str) { let filename = basename(file); + let noext = &filename[0..filename.len() - 3]; sc_log_message(level, filename, line, function, + noext, message); } @@ -167,6 +169,7 @@ pub fn sc_log_message(level: Level, filename: &str, line: std::os::raw::c_uint, function: &str, + module: &str, message: &str) -> std::os::raw::c_int { unsafe { @@ -176,6 +179,7 @@ pub fn sc_log_message(level: Level, to_safe_cstring(filename).as_ptr(), line, to_safe_cstring(function).as_ptr(), + to_safe_cstring(module).as_ptr(), to_safe_cstring(message).as_ptr()); } } diff --git a/src/rust-context.h b/src/rust-context.h index 4b0303f49b..ad47b2c5c3 100644 --- a/src/rust-context.h +++ b/src/rust-context.h @@ -37,8 +37,8 @@ typedef struct HttpRangeContainerBlock HttpRangeContainerBlock; struct AppLayerParser; typedef struct SuricataContext_ { - SCError (*SCLogMessage)( - const SCLogLevel, const char *, const unsigned int, const char *, const char *message); + SCError (*SCLogMessage)(const SCLogLevel, const char *, const unsigned int, const char *, + const char *, const char *message); void (*DetectEngineStateFree)(DetectEngineState *); void (*AppLayerDecoderEventsSetEventRaw)(AppLayerDecoderEvents **, uint8_t); diff --git a/src/util-debug.c b/src/util-debug.c index db9a2df4a7..6ad14858a0 100644 --- a/src/util-debug.c +++ b/src/util-debug.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2020 Open Information Security Foundation +/* Copyright (C) 2007-2021 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -68,6 +68,11 @@ SCEnumCharMap sc_log_op_iface_map[ ] = { static SCMutex sc_log_stream_lock; #endif /* OS_WIN32 */ +/** + * \brief Transform the module name into display module name for logging + */ +static const char *SCTransformModule(const char *module_name, int *dn_len); + /** * \brief Holds the config state for the logging module */ @@ -193,7 +198,7 @@ static inline void SCLogPrintToSyslog(int syslog_log_level, const char *msg) */ static int SCLogMessageJSON(struct timeval *tval, char *buffer, size_t buffer_size, SCLogLevel log_level, const char *file, unsigned line, const char *function, - const char *message) + const char *module, const char *message) { json_t *js = json_object(); if (unlikely(js == NULL)) @@ -218,6 +223,18 @@ static int SCLogMessageJSON(struct timeval *tval, char *buffer, size_t buffer_si if (message) json_object_set_new(ejs, "message", json_string(message)); + if (t_thread_name[0] != '\0') { + json_object_set_new(ejs, "thread_name", json_string(t_thread_name)); + } + + if (module) { + /* Determine how much of module name to display */ + int dn_len = 0; + const char *dn_name; + dn_name = SCTransformModule(module, &dn_len); + json_object_set_new(ejs, "module", json_string(dn_name)); + } + if (log_level >= SC_LOG_DEBUG) { if (function) json_object_set_new(ejs, "function", json_string(function)); @@ -246,6 +263,68 @@ error: return -1; } +static const int transform_max_segs = 2; /* The maximum segment count to display */ +/* + * \brief Return a display name for the given module name for logging. + * + * The transformation is dependent upon the source code module names + * that use the dash character to separate incremental refinements of + * the subsystem. + * + * The transformation uses the local constant "transform_max_segs" to determine + * how many segments to display; the transformed name will never consist + * of more than this many segments. + * + * E.g., "detect-http-content-len" ==> "detect-http" when the max is 2 + * + * \param module_name The source code module name to be transformed. + * \param dn_len The number of characters in the display name to print. + * + * \retval Pointer to the display name + */ +static const char *SCTransformModule(const char *module_name, int *dn_len) +{ + /* + * special case for source code module names beginning with: + * Prefixes skipped + * tm-* + * util-* + * source-* + * No transformation + * app-layer-* + */ + if (strncmp("tm-", module_name, 3) == 0) { + *dn_len = strlen(module_name) - 3; + return module_name + 3; + } else if (strncmp("util-", module_name, 5) == 0) { + *dn_len = strlen(module_name) - 5; + return module_name + 5; + } else if (strncmp("source-", module_name, 7) == 0) { + *dn_len = strlen(module_name) - 7; + return module_name + 7; + } else if (strncmp("app-layer-", module_name, 10) == 0) { + *dn_len = strlen(module_name); + return module_name; + } + + int seg_cnt = 0; + + char *last; + char *w = (char *)module_name; + while (w && (w = strchr(w, '-')) != NULL && seg_cnt < transform_max_segs) { + seg_cnt++; + last = w; + w++; /* skip past '-' */ + } + + if (seg_cnt < transform_max_segs) + *dn_len = strlen(module_name); + else + *dn_len = last - module_name; + + return module_name; +} + /** * \brief Adds the global log_format to the outgoing buffer * @@ -258,14 +337,13 @@ error: * \retval 0 on success; else a negative value on error */ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPType type, - char *buffer, size_t buffer_size, const char *log_format, - - const SCLogLevel log_level, const char *file, const unsigned int line, const char *function, + char *buffer, size_t buffer_size, const char *log_format, const SCLogLevel log_level, + const char *file, const unsigned int line, const char *function, const char *module, const char *message) { if (type == SC_LOG_OP_TYPE_JSON) return SCLogMessageJSON( - tval, buffer, buffer_size, log_level, file, line, function, message); + tval, buffer, buffer_size, log_level, file, line, function, module, message); char *temp = buffer; const char *s = NULL; @@ -346,6 +424,7 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp substr++; break; + case SC_LOG_FMT_THREAD_NAME: case SC_LOG_FMT_TM: temp_fmt[0] = '\0'; cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s", substr, @@ -410,6 +489,26 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp substr++; break; + case SC_LOG_FMT_SUBSYSTEM: + temp_fmt[0] = '\0'; + + /* Determine how much of module name to display */ + int dn_len = 0; + const char *dn_name = "unknown"; + if (module) { + dn_name = SCTransformModule(module, &dn_len); + } + + cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), "%s%s%s%s", substr, + green, dn_name, reset); + if (cw < 0) + return -1; + temp += cw; + temp_fmt++; + substr = temp_fmt; + substr++; + break; + case SC_LOG_FMT_FUNCTION: temp_fmt[0] = '\0'; cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - buffer), @@ -421,7 +520,6 @@ static SCError SCLogMessageGetBuffer(struct timeval *tval, int color, SCLogOPTyp substr = temp_fmt; substr++; break; - } temp_fmt++; } @@ -493,7 +591,7 @@ static int SCLogReopen(SCLogOPIfaceCtx *op_iface_ctx) * \retval SC_OK on success; else an error code */ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line, - const char *function, const char *message) + const char *function, const char *module, const char *message) { char buffer[SC_LOG_MAX_LOG_MSG_LEN] = ""; SCLogOPIfaceCtx *op_iface_ctx = NULL; @@ -521,7 +619,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne buffer, sizeof(buffer), op_iface_ctx->log_format ? op_iface_ctx->log_format : sc_log_config->log_format, - log_level, file, line, function, message) == 0) { + log_level, file, line, function, module, message) == 0) { SCLogPrintToStream((log_level == SC_LOG_ERROR)? stderr: stdout, buffer); } break; @@ -529,7 +627,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne if (SCLogMessageGetBuffer(&tval, 0, op_iface_ctx->type, buffer, sizeof(buffer), op_iface_ctx->log_format ? op_iface_ctx->log_format : sc_log_config->log_format, - log_level, file, line, function, message) == 0) { + log_level, file, line, function, module, message) == 0) { int r = 0; SCMutexLock(&op_iface_ctx->fp_mutex); if (op_iface_ctx->rotation_flag) { @@ -550,7 +648,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne if (SCLogMessageGetBuffer(&tval, 0, op_iface_ctx->type, buffer, sizeof(buffer), op_iface_ctx->log_format ? op_iface_ctx->log_format : sc_log_config->log_format, - log_level, file, line, function, message) == 0) { + log_level, file, line, function, module, message) == 0) { SCLogPrintToSyslog(SCLogMapLogLevelToSyslogLevel(log_level), buffer); } break; @@ -562,7 +660,7 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigne return SC_OK; } -void SCLog(int x, const char *file, const char *func, const int line, +void SCLog(int x, const char *file, const char *func, const int line, const char *module, const char *fmt, ...) { if (sc_log_global_log_level >= x && @@ -577,11 +675,12 @@ void SCLog(int x, const char *file, const char *func, const int line, va_start(ap, fmt); vsnprintf(msg, sizeof(msg), fmt, ap); va_end(ap); - SCLogMessage(x, file, line, func, msg); + SCLogMessage(x, file, line, func, module, msg); } } -void SCLogErr(int x, const char *file, const char *func, const int line, const char *fmt, ...) +void SCLogErr(int x, const char *file, const char *func, const int line, const char *module, + const char *fmt, ...) { if (sc_log_global_log_level >= x && (sc_log_fg_filters_present == 0 || @@ -595,7 +694,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c va_start(ap, fmt); vsnprintf(msg, sizeof(msg), fmt, ap); va_end(ap); - SCLogMessage(x, file, line, func, msg); + SCLogMessage(x, file, line, func, module, msg); } } diff --git a/src/util-debug.h b/src/util-debug.h index 52ac19b01a..9b97c10ccf 100644 --- a/src/util-debug.h +++ b/src/util-debug.h @@ -77,8 +77,12 @@ typedef enum { } SCLogOPType; /* The default log_format, if it is not supplied by the user */ -#define SC_LOG_DEF_LOG_FORMAT_REL "%t - <%d> - " -#define SC_LOG_DEF_LOG_FORMAT_DEV "[%i] %t - (%f:%l) <%d> (%n) -- " +#define SC_LOG_DEF_LOG_FORMAT_REL "%t [%S] - <%d> - " +#ifdef DEBUG +#define SC_LOG_DEF_LOG_FORMAT_DEV "[%i] %t [%S] - (%f:%l) <%d> (%n) -- %E" +#else +#define SC_LOG_DEF_LOG_FORMAT_DEV "[%i] %t [%S] - <%d> -- %E" +#endif /* The maximum length of the log message */ #define SC_LOG_MAX_LOG_MSG_LEN 2048 @@ -192,45 +196,49 @@ typedef struct SCLogConfig_ { #define SC_LOG_FMT_FILE_NAME 'f' /* File name */ #define SC_LOG_FMT_LINE 'l' /* Line number */ #define SC_LOG_FMT_FUNCTION 'n' /* Function */ +#define SC_LOG_FMT_SUBSYSTEM 'S' /* Subsystem name */ +#define SC_LOG_FMT_THREAD_NAME 'T' /* thread name */ /* The log format prefix for the format specifiers */ #define SC_LOG_FMT_PREFIX '%' +/* Module and thread tagging */ +/* The module name, usually the containing source-module name */ +static const char *_sc_module __attribute__((unused)) = __SCFILENAME__; + extern SCLogLevel sc_log_global_log_level; extern int sc_log_module_initialized; extern int sc_log_module_cleaned; -void SCLog(int x, const char *file, const char *func, const int line, - const char *fmt, ...) ATTR_FMT_PRINTF(5,6); -void SCLogErr(int x, const char *file, const char *func, const int line, const char *fmt, ...) - ATTR_FMT_PRINTF(5, 6); +void SCLog(int x, const char *file, const char *func, const int line, const char *module, + const char *fmt, ...) ATTR_FMT_PRINTF(6, 7); +void SCLogErr(int x, const char *file, const char *func, const int line, const char *module, + const char *fmt, ...) ATTR_FMT_PRINTF(6, 7); /** * \brief Macro used to log INFORMATIONAL messages. * * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogInfo(...) SCLog(SC_LOG_INFO, \ - __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) -#define SCLogInfoRaw(file, func, line, ...) SCLog(SC_LOG_INFO, \ - (file), (func), (line), __VA_ARGS__) +#define SCLogInfo(...) SCLog(SC_LOG_INFO, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) +#define SCLogInfoRaw(file, func, line, ...) \ + SCLog(SC_LOG_INFO, (file), (func), (line), _sc_module, __VA_ARGS__) -#define SCLogConfig(...) SCLog(SC_LOG_CONFIG, \ - __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) -#define SCLogPerf(...) SCLog(SC_LOG_PERF, \ - __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogConfig(...) \ + SCLog(SC_LOG_CONFIG, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) +#define SCLogPerf(...) SCLog(SC_LOG_PERF, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) /** * \brief Macro used to log NOTICE messages. * * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogNotice(...) SCLog(SC_LOG_NOTICE, \ - __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) -#define SCLogNoticeRaw(file, func, line, ... ) SCLog(SC_LOG_NOTICE, \ - (file), (func), (line), __VA_ARGS__) +#define SCLogNotice(...) \ + SCLog(SC_LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) +#define SCLogNoticeRaw(file, func, line, ...) \ + SCLog(SC_LOG_NOTICE, (file), (func), (line), _sc_module, __VA_ARGS__) /** * \brief Macro used to log WARNING messages. @@ -239,9 +247,10 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c * warning message * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogWarning(...) SCLogErr(SC_LOG_WARNING, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogWarning(...) \ + SCLogErr(SC_LOG_WARNING, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) #define SCLogWarningRaw(file, func, line, ...) \ - SCLogErr(SC_LOG_WARNING, (file), (func), (line), __VA_ARGS__) + SCLogErr(SC_LOG_WARNING, (file), (func), (line), _sc_module, __VA_ARGS__) /** * \brief Macro used to log ERROR messages. @@ -250,9 +259,10 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c * error message * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogError(...) SCLogErr(SC_LOG_ERROR, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogError(...) \ + SCLogErr(SC_LOG_ERROR, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) #define SCLogErrorRaw(file, func, line, ...) \ - SCLogErr(SC_LOG_ERROR, (file), (func), (line), __VA_ARGS__) + SCLogErr(SC_LOG_ERROR, (file), (func), (line), _sc_module, __VA_ARGS__) /** * \brief Macro used to log CRITICAL messages. @@ -261,7 +271,8 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c * critical message * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogCritical(...) SCLogErr(SC_LOG_CRITICAL, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogCritical(...) \ + SCLogErr(SC_LOG_CRITICAL, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) /** * \brief Macro used to log ALERT messages. * @@ -269,7 +280,8 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c * alert message * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogAlert(...) SCLogErr(SC_LOG_ALERT, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogAlert(...) \ + SCLogErr(SC_LOG_ALERT, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) /** * \brief Macro used to log EMERGENCY messages. * @@ -277,7 +289,8 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c * emergency message * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogEmerg(...) SCLogErr(SC_LOG_EMERGENCY, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogEmerg(...) \ + SCLogErr(SC_LOG_EMERGENCY, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) /* Avoid the overhead of using the debugging subsystem, in production mode */ #ifndef DEBUG @@ -316,7 +329,8 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c * * \retval ... Takes as argument(s), a printf style format message */ -#define SCLogDebug(...) SCLog(SC_LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) +#define SCLogDebug(...) \ + SCLog(SC_LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, _sc_module, __VA_ARGS__) /** * \brief Macro used to log debug messages on function entry. Comes under the @@ -334,10 +348,9 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c } \ } while(0) - /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that don't return @@ -353,7 +366,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns an @@ -371,7 +384,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns an @@ -389,7 +402,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns a @@ -407,7 +420,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns a var @@ -425,7 +438,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns a @@ -444,10 +457,9 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c return x; \ } while(0) - /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns a var @@ -468,7 +480,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c /** * \brief Macro used to log debug messages on function exit. Comes under the - * debugging sybsystem, and hence will be enabled only in the presence + * debugging subsystem, and hence will be enabled only in the presence * of the DEBUG macro. Apart from logging function_exit logs, it also * processes the FD filters, if any FD filters are registered. This * function_exit macro should be used for functions that returns a @@ -551,8 +563,8 @@ void SCLogInitLogModule(SCLogInitData *); void SCLogDeInitLogModule(void); -SCError SCLogMessage( - const SCLogLevel, const char *, const unsigned int, const char *, const char *message); +SCError SCLogMessage(const SCLogLevel, const char *, const unsigned int, const char *, const char *, + const char *message); SCLogOPBuffer *SCLogAllocLogOPBuffer(void); diff --git a/suricata.yaml.in b/suricata.yaml.in index 3a2eabad12..0de87fe88e 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -551,7 +551,7 @@ logging: # output section. You can leave this out to get the default. # # This value is overridden by the SC_LOG_FORMAT env var. - #default-log-format: "[%i] %t - (%f:%l) <%d> (%n) -- " + #default-log-format: "[%i] %t [%S] - (%f:%l) <%d> (%n) -- " # A regex to filter output. Can be overridden in an output section. # Defaults to empty (no filter).