
Feature #127 ยป 0001-added-support-for-appending-the-log-files.patch

Gurvinder Singh, 12/12/2010 07:33 AM


src/alert-debuglog.c
TmEcode AlertDebugLogThreadInit(ThreadVars *, void*, void **);
TmEcode AlertDebugLogThreadDeinit(ThreadVars *, void *);
void AlertDebugLogExitPrintStats(ThreadVars *, void *);
int AlertDebugLogOpenFileCtx(LogFileCtx* , const char *);
int AlertDebugLogOpenFileCtx(LogFileCtx* , const char *, const char *);
void TmModuleAlertDebugLogRegister (void) {
tmm_modules[TMM_ALERTDEBUGLOG].name = MODULE_NAME;
......
if (filename == NULL)
filename = DEFAULT_LOG_FILENAME;
const char *mode = ConfNodeLookupChildValue(conf, "append");
if (mode == NULL)
mode = DEFAULT_LOG_MODE_APPEND;
/** fill the new LogFileCtx with the specific AlertDebugLog configuration */
ret=AlertDebugLogOpenFileCtx(file_ctx, filename);
ret=AlertDebugLogOpenFileCtx(file_ctx, filename, mode);
if(ret < 0)
return NULL;
......
* \param filename name of log file
* \return -1 if failure, 0 if succesful
* */
int AlertDebugLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename)
int AlertDebugLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, const
char *mode)
{
int ret=0;
char log_path[PATH_MAX], *log_dir;
if (ConfGet("default-log-dir", &log_dir) != 1)
log_dir = DEFAULT_LOG_DIR;
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, DEFAULT_LOG_FILENAME);
file_ctx->fp = fopen(log_path, "w");
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
if (strncmp(mode, "yes", sizeof(mode)) == 0) {
file_ctx->fp = fopen(log_path, "a");
} else {
file_ctx->fp = fopen(log_path, "w");
}
if (file_ctx->fp == NULL) {
SCLogError(SC_ERR_FOPEN, "ERROR: failed to open %s: %s", log_path,
strerror(errno));
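Review bot: `sizeof(mode)` in `strncmp(mode, "yes", sizeof(mode))` is the size of a `const char *` (4 or 8 bytes), not a string length, so the bound is arbitrary and the call only behaves like an exact match because "yes" is shorter than a pointer. Write the comparison as `strcmp(mode, "yes") == 0` (or `strcasecmp` if `Yes`/`YES` should count). As written, any other value of `append`, including a typo or `true`, silently takes the `fopen(log_path, "w")` branch and truncates the existing alert log at startup, which loses earlier alert history; logging or rejecting an unrecognised value would make that visible. The same construct appears in AlertFastLogOpenFileCtx in src/alert-fastlog.c and LogHttpLogOpenFileCtx in src/log-httplog.c. The function body continues outside the shown lines.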
src/alert-fastlog.c
TmEcode AlertFastLogThreadInit(ThreadVars *, void *, void **);
TmEcode AlertFastLogThreadDeinit(ThreadVars *, void *);
void AlertFastLogExitPrintStats(ThreadVars *, void *);
static int AlertFastLogOpenFileCtx(LogFileCtx *, const char *);
static int AlertFastLogOpenFileCtx(LogFileCtx *, const char *, const char *);
void AlertFastLogRegisterTests(void);
static void AlertFastLogDeInitCtx(OutputCtx *);
......
const char *filename = ConfNodeLookupChildValue(conf, "filename");
if (filename == NULL)
filename = DEFAULT_LOG_FILENAME;
if (AlertFastLogOpenFileCtx(logfile_ctx, filename) < 0) {
const char *mode = ConfNodeLookupChildValue(conf, "append");
if (mode == NULL)
mode = DEFAULT_LOG_MODE_APPEND;
if (AlertFastLogOpenFileCtx(logfile_ctx, filename, mode) < 0) {
LogFileFreeCtx(logfile_ctx);
return NULL;
}
......
* \param filename name of log file
* \return -1 if failure, 0 if succesful
* */
static int AlertFastLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename)
static int AlertFastLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename,
const char *mode)
{
char log_path[PATH_MAX], *log_dir;
if (ConfGet("default-log-dir", &log_dir) != 1)
log_dir = DEFAULT_LOG_DIR;
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
file_ctx->fp = fopen(log_path, "w");
if (strncmp(mode, "yes", sizeof(mode)) == 0) {
file_ctx->fp = fopen(log_path, "a");
} else {
file_ctx->fp = fopen(log_path, "w");
}
if (file_ctx->fp == NULL) {
SCLogError(SC_ERR_FOPEN, "ERROR: failed to open %s: %s", log_path,
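Review bot: The return value of `snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename)` is not checked, so a `default-log-dir` plus `filename` longer than PATH_MAX is silently truncated and the following `fopen` creates or truncates a different path than the one configured. A guard before the `fopen` calls would catch it: `int n = snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);` followed by `if (n < 0 || n >= PATH_MAX) return -1;`. The same applies to src/log-httplog.c and to src/alert-debuglog.c, where the path appears to switch from `DEFAULT_LOG_FILENAME` to the configured `filename`. The function's error path ends outside the shown lines.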
src/log-httplog.c
TmEcode LogHttpLogThreadInit(ThreadVars *, void *, void **);
TmEcode LogHttpLogThreadDeinit(ThreadVars *, void *);
void LogHttpLogExitPrintStats(ThreadVars *, void *);
int LogHttpLogOpenFileCtx(LogFileCtx* , const char *);
int LogHttpLogOpenFileCtx(LogFileCtx* , const char *, const char *);
static void LogHttpLogDeInitCtx(OutputCtx *);
void TmModuleLogHttpLogRegister (void) {
......
if (filename == NULL)
filename = DEFAULT_LOG_FILENAME;
const char *mode = ConfNodeLookupChildValue(conf, "append");
if (mode == NULL)
mode = DEFAULT_LOG_MODE_APPEND;
/** fill the new LogFileCtx with the specific LogHttpLog configuration */
ret=LogHttpLogOpenFileCtx(file_ctx, filename);
ret=LogHttpLogOpenFileCtx(file_ctx, filename, mode);
if(ret < 0)
return NULL;
......
* \param config_file for loading separate configs
* \return -1 if failure, 0 if succesful
* */
int LogHttpLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename)
int LogHttpLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, const
char *mode)
{
char log_path[PATH_MAX], *log_dir;
if (ConfGet("default-log-dir", &log_dir) != 1)
log_dir = DEFAULT_LOG_DIR;
snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
file_ctx->fp = fopen(log_path, "w");
if (strncmp(mode, "yes", sizeof(mode)) == 0) {
file_ctx->fp = fopen(log_path, "a");
} else {
file_ctx->fp = fopen(log_path, "w");
}
if (file_ctx->fp == NULL) {
SCLogError(SC_ERR_FOPEN, "ERROR: failed to open %s: %s", log_path,
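Review bot: The doc comment above LogHttpLogOpenFileCtx still lists `\param config_file for loading separate configs`, which matches no parameter of the function, and the new `mode` argument is undocumented. Replace it with `\param filename name of log file` and add `\param mode value of the "append" option; "yes" opens the file in append mode, anything else truncates it`. The comments in src/alert-debuglog.c and src/alert-fastlog.c need the same `\param mode` line. The start of the comment is outside the shown lines.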
src/output.h
#include "suricata.h"
#define DEFAULT_LOG_MODE_APPEND "yes"
typedef struct OutputModule_ {
char *name;
char *conf_name;
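Review bot: `DEFAULT_LOG_MODE_APPEND` has no comment, and its effect is not obvious from the name: it is the string the three loggers fall back to when an output has no `append` key. An existing configuration without that key would therefore start appending on restart, where the callers appear to have always opened the file with "w" before. I would add `/* value assumed for an output's "append" option when it is absent; "yes" keeps existing log contents */` above the define. The loggers compare this value as a string, so the comment should also name the accepted spelling.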
suricata.yaml
- fast:
enabled: yes
filename: fast.log
append: yes
# log output for use with Barnyard
- unified-log:
......
- http-log:
enabled: yes
filename: http.log
append: yes
# a full alerts log containing much information for signature writers
# or for investigating suspected false positives.
- alert-debug:
enabled: no
filename: alert-debug.log
append: yes
# alert output to prelude (http://www.prelude-technologies.com/) only
# available if Suricata has been compiled with --enable-prelude
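Review bot: The new `append` keys under `fast`, `http-log` and `alert-debug` carry no comment, so an operator cannot tell which values are accepted or what the alternative does. From the C changes on this page, only the exact string `yes` selects append; every other value reopens the file with "w" and discards the existing log. A line such as `# append: yes keeps the existing file across restarts; any other value truncates it at startup` above the first occurrence would document that.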