From: Victor Julien
Date: Mon, 28 Jul 2014 07:27:17 +0000 (+0200)
Subject: Fix eve 'filetype' parsing
X-Git-Tag: suricata-2.1beta1~74
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fdd407751e3ebfdd17750ff414dd6fa2f7ce9a9f;p=thirdparty%2Fsuricata.git

Fix eve 'filetype' parsing

Now that we use 'filetype' instead of 'type', we should also use 'regular' instead of 'file'. Added fallback to make sure we stay compatible to old configs.
---
diff --git a/src/output-json.c b/src/output-json.c
index b8f6ff5ef4..547f0ac3d4 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -394,7 +394,8 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
 }
 if (output_s != NULL) {
- if (strcmp(output_s, "file") == 0) {
+ if (strcmp(output_s, "file") == 0 ||
+ strcmp(output_s, "regular") == 0) {
 json_ctx->json_out = ALERT_FILE;
 } else if (strcmp(output_s, "syslog") == 0) {
 json_ctx->json_out = ALERT_SYSLOG;
diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
index 6d0a25deac..4e42ceef40 100644
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@@ -199,7 +199,8 @@ SCConfLogOpenGeneric(ConfNode *conf,
 log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_DGRAM);
 if (log_ctx->fp == NULL)
 return -1; // Error already logged by Open...Fp routine
- } else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0) {
+ } else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0 ||
+ strcasecmp(filetype, "file") == 0) {
 log_ctx->fp = SCLogOpenFileFp(log_path, append);
 if (log_ctx->fp == NULL)
 return -1; // Error already logged by Open...Fp routine
@@ -216,7 +217,7 @@ SCConfLogOpenGeneric(ConfNode *conf,
 return -1; // Error already logged by Open...Fp routine
 } else {
 SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
- "%s.type. Expected \"regular\" (default), \"unix_stream\", "
+ "%s.filetype. Expected \"regular\" (default), \"unix_stream\", "
 "\"pcie\" "
 "or \"unix_dgram\"", conf->name);
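Review bot: The new test `strcmp(output_s, "file") == 0 || strcmp(output_s, "regular") == 0` in OutputJsonInitCtx is case-sensitive, while the same 'filetype' value is matched with `strcasecmp` in the util-logopenfile.c hunk of this commit, so a spelling such as `Regular` that the file-open path accepts would not select ALERT_FILE here. Using `strcasecmp` in both places keeps the two readers of the setting in agreement: `if (strcasecmp(output_s, "file") == 0 || strcasecmp(output_s, "regular") == 0) {`. The legacy spelling also deserves a comment so it is not later removed as a typo, e.g. `/* "file" is the old spelling of "regular"; kept for existing configs */`. OutputJsonInitCtx begins before and continues after this hunk.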
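Review bot: The compatibility alias `strcasecmp(filetype, "file") == 0` added in SCConfLogOpenGeneric is accepted silently, so nothing in the code records why a second spelling of DEFAULT_LOG_FILETYPE exists and old configs get no nudge to migrate. A comment on the new line would fix the first part: `/* "file" is the deprecated spelling of DEFAULT_LOG_FILETYPE ("regular"); accepted for old configs */`, and a one-time log message on that branch would address the second. The error text in the following hunk lists only the current spellings, which is consistent with treating "file" as deprecated rather than documented. SCConfLogOpenGeneric begins before and continues after this hunk.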
diff --git a/suricata.yaml.in b/suricata.yaml.in
index df9e4e3015..9405003eeb 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -85,7 +85,7 @@ outputs:
 # Extensible Event Format (nicknamed EVE) event log in JSON format
 - eve-log:
 enabled: yes
- filetype: file #file|syslog|unix_dgram|unix_stream
+ filetype: regular #regular|syslog|unix_dgram|unix_stream
 filename: eve.json
 # the following are valid when type: syslog above
 #identity: "suricata"
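Review bot: The context line `# the following are valid when type: syslog above` still names the old key, while the line being changed two lines earlier now uses `filetype:`; the comment should read `# the following are valid when filetype: syslog above`. The inline list on the changed line no longer mentions `file`, which matches the C side accepting it only as a legacy alias, so that omission looks intentional.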