From 01795145766bc0b7d10691d457dd3e1d1b71a7c9 Mon Sep 17 00:00:00 2001 From: Julian Date: Sun, 28 May 2017 12:22:25 +0200 Subject: [PATCH] redis: support for rpush in list mode This adds a new redis mode rpush. Also more consistent config keywords orientated at the redis command: lpush and publish. Keeping list and channel config keywords for backwards compatibility. Removed unnecessary checks. --- doc/userguide/configuration/suricata-yaml.rst | 4 +++- doc/userguide/output/eve/eve-json-output.rst | 8 +++++-- src/util-error.c | 1 + src/util-error.h | 1 + src/util-logopenfile.c | 23 +++++++++---------- suricata.yaml.in | 4 +++- 6 files changed, 25 insertions(+), 16 deletions(-) diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 8feee0f538..79a48761fd 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -267,7 +267,9 @@ integration with 3rd party tools like logstash. #redis: # server: 127.0.0.1 # port: 6379 - # mode: list ## possible values: list (default), channel + # mode: list ## possible values: list|lpush (default), rpush, channel|publish + # ## lpush and rpush are using a Redis list. "list" is an alias for lpush + # ## publish is using a Redis channel. "channel" is an alias for publish # key: suricata ## key or channel to use (default to suricata) # Redis pipelining set up. This will enable to only do a query every # 'batch-size' events. This should lower the latency induced by network diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst index 104fc10b46..329e4db9b4 100644 --- a/doc/userguide/output/eve/eve-json-output.rst +++ b/doc/userguide/output/eve/eve-json-output.rst 
@@ -24,7 +24,9 @@ The most common way to use this is through 'EVE', which is a firehose approach w #redis: # server: 127.0.0.1 # port: 6379 - # mode: list ## possible values: list (default), channel + # mode: list ## possible values: list|lpush (default), rpush, channel|publish + # ## lpush and rpush are using a Redis list. "list" is an alias for lpush + # ## publish is using a Redis channel. "channel" is an alias for publish # key: suricata ## key or channel to use (default to suricata) # Redis pipelining set up. This will enable to only do a query every # 'batch-size' events. This should lower the latency induced by network @@ -134,7 +136,9 @@ Output types:: #redis: # server: 127.0.0.1 # port: 6379 - # mode: list ## possible values: list (default), channel + # mode: list ## possible values: list|lpush (default), rpush, channel|publish + # ## lpush and rpush are using a Redis list. "list" is an alias for lpush + # ## publish is using a Redis channel. "channel" is an alias for publish # key: suricata ## key or channel to use (default to suricata) # Redis pipelining set up. This will enable to only do a query every # 'batch-size' events. This should lower the latency induced by network diff --git a/src/util-error.c b/src/util-error.c index 105add555d..2d51aad7b4 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -335,6 +335,7 @@ const char * SCErrorToString(SCError err) CASE_CODE(SC_WARN_REMOVE_FILE); CASE_CODE (SC_ERR_NO_MAGIC_SUPPORT); CASE_CODE (SC_ERR_REDIS); + CASE_CODE (SC_ERR_REDIS_CONFIG); } return "UNKNOWN_ERROR"; diff --git a/src/util-error.h b/src/util-error.h index acaec81625..4d72b92def 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -325,6 +325,7 @@ typedef enum { SC_WARN_REMOVE_FILE, SC_ERR_NO_MAGIC_SUPPORT, SC_ERR_REDIS, + SC_ERR_REDIS_CONFIG, } SCError; const char *SCErrorToString(SCError); diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c index 636aaab83f..726af9767a 100644 --- a/src/util-logopenfile.c 
+++ b/src/util-logopenfile.c @@ -34,7 +34,8 @@ #include "util-logopenfile.h" #include "util-logopenfile-tile.h" -const char * redis_push_cmd = "LPUSH"; +const char * redis_lpush_cmd = "LPUSH"; +const char * redis_rpush_cmd = "RPUSH"; const char * redis_publish_cmd = "PUBLISH"; /** \brief connect to the indicated local stream socket, logging any errors @@ -410,19 +411,17 @@ int SCConfLogOpenRedis(ConfNode *redis_node, LogFileCtx *log_ctx) } } - if (!strcmp(redis_mode, "list")) { - log_ctx->redis_setup.command = redis_push_cmd; - if (!log_ctx->redis_setup.command) { - SCLogError(SC_ERR_MEM_ALLOC, "Unable to allocate redis key command"); - exit(EXIT_FAILURE); - } - } else { + if (!strcmp(redis_mode, "list") || !strcmp(redis_mode,"lpush")) { + log_ctx->redis_setup.command = redis_lpush_cmd; + } else if(!strcmp(redis_mode, "rpush")){ + log_ctx->redis_setup.command = redis_rpush_cmd; + } else if(!strcmp(redis_mode,"channel") || !strcmp(redis_mode,"publish")) { log_ctx->redis_setup.command = redis_publish_cmd; - if (!log_ctx->redis_setup.command) { - SCLogError(SC_ERR_MEM_ALLOC, "Unable to allocate redis key command"); - exit(EXIT_FAILURE); - } + } else { + SCLogError(SC_ERR_REDIS_CONFIG,"Invalid redis mode"); + exit(EXIT_FAILURE); } + redisContext *c = redisConnect(redis_server, atoi(redis_port)); if (c != NULL && c->err) { SCLogError(SC_ERR_SOCKET, "Error connecting to redis server: %s", c->errstr); diff --git a/suricata.yaml.in b/suricata.yaml.in index caecd0798a..024da11679 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in 
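Review bot: The three command strings at the top of this hunk (`redis_lpush_cmd`, `redis_rpush_cmd`, `redis_publish_cmd`) are declared as writable pointers with external linkage, although the visible code only uses them as fixed constants. If nothing outside util-logopenfile.c refers to them (not visible here, and the rename of `redis_push_cmd` would already break any such user), declare them `static const char * const redis_lpush_cmd = "LPUSH";` and likewise for the other two, so the command sent to Redis cannot be repointed at runtime and the names stay out of the global namespace.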
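Review bot: The new final `else` in the mode chain logs only "Invalid redis mode" before `exit(EXIT_FAILURE)`, so an operator whose sensor refuses to start cannot tell which value was rejected or what is accepted. Include both, e.g. `SCLogError(SC_ERR_REDIS_CONFIG, "Invalid redis mode \"%s\", expected list|lpush, rpush or channel|publish", redis_mode);`. Rejecting unknown modes is the safer behaviour, but it is a change: before this hunk any value other than `list` selected PUBLISH, so a config with a typo or different case (the `strcmp` matches are case-sensitive) now stops startup, which the documentation hunks do not mention. The added `else if(` lines also drop the space after `if` and after the comma that the surrounding code uses. SCConfLogOpenRedis starts and ends outside the hunk.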
@@ -148,7 +148,9 @@ outputs: #redis: # server: 127.0.0.1 # port: 6379 - # mode: list ## possible values: list (default), channel + # mode: list ## possible values: list|lpush (default), rpush, channel|publish + # ## lpush and rpush are using a Redis list. "list" is an alias for lpush + # ## publish is using a Redis channel. "channel" is an alias for publish # key: suricata ## key or channel to use (default to suricata) # Redis pipelining set up. This will enable to only do a query every # 'batch-size' events. This should lower the latency induced by network -- 2.47.2