From: Victor Julien <victor@inliniac.net>
Date: Thu, 24 Jan 2019 11:23:37 +0000 (+0100)
Subject: eve.stats: warn that output might miss decoder-events
X-Git-Tag: suricata-4.1.3~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb18a1655c15d4025d2f0d79daf089079de41232;p=thirdparty%2Fsuricata.git

eve.stats: warn that output might miss decoder-events
---

diff --git a/src/counters.c b/src/counters.c
index 402960b195..d228336ba5 100644
--- a/src/counters.c
+++ b/src/counters.c
@@ -225,7 +225,7 @@ static ConfNode *GetConfig(void) {
 /**
  * \brief Initializes stats context
  */
-static void StatsInitCtx(void)
+static void StatsInitCtxPreOutput(void)
 {
     SCEnter();
 #ifdef AFLFUZZ_DISABLE_MGTTHREADS
@@ -265,6 +265,20 @@ static void StatsInitCtx(void)
         }
         stats_decoder_events_prefix = prefix;
     }
+    SCReturn;
+}
+
+static void StatsInitCtxPostOutput(void)
+{
+    SCEnter();
+    /* Store the engine start time */
+    time(&stats_start_time);
+
+    /* init the lock used by StatsThreadStore */
+    if (SCMutexInit(&stats_ctx->sts_lock, NULL) != 0) {
+        SCLogError(SC_ERR_INITIALIZATION, "error initializing sts mutex");
+        exit(EXIT_FAILURE);
+    }
 
     if (!OutputStatsLoggersRegistered()) {
         stats_loggers_active = 0;
@@ -278,15 +292,6 @@ static void StatsInitCtx(void)
         }
     }
 
-    /* Store the engine start time */
-    time(&stats_start_time);
-
-    /* init the lock used by StatsThreadStore */
-    if (SCMutexInit(&stats_ctx->sts_lock, NULL) != 0) {
-        SCLogError(SC_ERR_INITIALIZATION, "error initializing sts mutex");
-        exit(EXIT_FAILURE);
-    }
-
     SCReturn;
 }
 
@@ -860,11 +865,17 @@ void StatsInit(void)
     StatsPublicThreadContextInit(&stats_ctx->global_counter_ctx);
 }
 
-void StatsSetupPostConfig(void)
+void StatsSetupPostConfigPreOutput(void)
+{
+    StatsInitCtxPreOutput();
+}
+
+void StatsSetupPostConfigPostOutput(void)
 {
-    StatsInitCtx();
+    StatsInitCtxPostOutput();
 }
 
+
 /**
  * \brief Spawns the wakeup, and the management thread used by the stats api
  *
diff --git a/src/counters.h b/src/counters.h
index 800463cbc0..0035d20f71 100644
--- a/src/counters.h
+++ b/src/counters.h
@@ -105,7 +105,8 @@ typedef struct StatsPrivateThreadContext_ {
 
 /* the initialization functions */
 void StatsInit(void);
-void StatsSetupPostConfig(void);
+void StatsSetupPostConfigPreOutput(void);
+void StatsSetupPostConfigPostOutput(void);
 void StatsSpawnThreads(void);
 void StatsRegisterTests(void);
 
diff --git a/src/output-json-stats.c b/src/output-json-stats.c
index 004d6531a2..e9b09b3e3a 100644
--- a/src/output-json-stats.c
+++ b/src/output-json-stats.c
@@ -52,6 +52,9 @@
 
 #ifdef HAVE_LIBJANSSON
 
+extern bool stats_decoder_events;
+const char *stats_decoder_events_prefix;
+
 /**
  * specify which engine info will be printed in stats log.
  * ALL means both last reload and ruleset stats.
@@ -387,6 +390,14 @@ static OutputInitResult OutputStatsLogInit(ConfNode *conf)
         return result;
     }
 
+    if (stats_decoder_events &&
+            strcmp(stats_decoder_events_prefix, "decoder") == 0) {
+        SCLogWarning(SC_WARN_EVE_MISSING_EVENTS, "json stats will not display "
+                "all decoder events correctly. See #2225. Set a prefix in "
+                "stats.decoder-events-prefix. In 5.0 the prefix will default "
+                "to 'decoder.event'.");
+    }
+
     if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
         LogFileFreeCtx(file_ctx);
         return result;
@@ -449,6 +460,14 @@ static OutputInitResult OutputStatsLogInitSub(ConfNode *conf, OutputCtx *parent_
     if (unlikely(stats_ctx == NULL))
         return result;
 
+    if (stats_decoder_events &&
+            strcmp(stats_decoder_events_prefix, "decoder") == 0) {
+        SCLogWarning(SC_WARN_EVE_MISSING_EVENTS, "eve.stats will not display "
+                "all decoder events correctly. See #2225. Set a prefix in "
+                "stats.decoder-events-prefix. In 5.0 the prefix will default "
+                "to 'decoder.event'.");
+    }
+
     stats_ctx->flags = JSON_STATS_TOTALS;
 
     if (conf != NULL) {
diff --git a/src/suricata.c b/src/suricata.c
index a9e8c806fe..b6aaa56260 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2289,8 +2289,9 @@ void PreRunPostPrivsDropInit(const int runmode)
     if (runmode == RUNMODE_UNIX_SOCKET)
         return;
 
+    StatsSetupPostConfigPreOutput();
     RunModeInitializeOutputs();
-    StatsSetupPostConfig();
+    StatsSetupPostConfigPostOutput();
 }
 
 /* clean up / shutdown code for both the main modes and for
diff --git a/src/util-error.c b/src/util-error.c
index 60b04ccc82..4f069d42a0 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -358,6 +358,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_WINDIVERT_TOOLONG_FILTER);
         CASE_CODE (SC_WARN_RUST_NOT_AVAILABLE);
         CASE_CODE (SC_WARN_DEFAULT_WILL_CHANGE);
+        CASE_CODE (SC_WARN_EVE_MISSING_EVENTS);
 
         CASE_CODE (SC_ERR_MAX);
     }
diff --git a/src/util-error.h b/src/util-error.h
index 015c5720b6..80b6fbad93 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -348,6 +348,7 @@ typedef enum {
     SC_ERR_WINDIVERT_TOOLONG_FILTER,
     SC_WARN_RUST_NOT_AVAILABLE,
     SC_WARN_DEFAULT_WILL_CHANGE,
+    SC_WARN_EVE_MISSING_EVENTS,
 
     SC_ERR_MAX,
 } SCError;