From ae83db57f6821636620746ae0a6acf58bf709c0b Mon Sep 17 00:00:00 2001 From: pilcrow Date: Tue, 6 Dec 2011 11:48:28 -0600 Subject: [PATCH 1/5] SCConfLogOpenGeneric() abstraction for regular and AF_UNIX logs. util-logopenfile.[ch] implements the abstraction; util-error.[ch] modified to include a socket-specific error code; output.h adds a default filetype for logs ("regular"). --- src/output.h | 1 + src/util-error.c | 3 +- src/util-error.h | 1 + src/util-logopenfile.c | 165 ++++++++++++++++++++++++++++++++++++++++++++++++ src/util-logopenfile.h | 33 ++++++++++ 5 files changed, 202 insertions(+), 1 deletions(-) create mode 100644 src/util-logopenfile.c create mode 100644 src/util-logopenfile.h diff --git a/src/output.h b/src/output.h index 674f3c3..ba47dca 100644 --- a/src/output.h +++ b/src/output.h @@ -28,6 +28,7 @@ #include "tm-threads.h" #define DEFAULT_LOG_MODE_APPEND "yes" +#define DEFAULT_LOG_FILETYPE "regular" typedef struct OutputModule_ { char *name; diff --git a/src/util-error.c b/src/util-error.c index dedd00e..f0ddd7f 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -181,7 +181,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_LIBCAP_NG_REQUIRED); CASE_CODE (SC_ERR_LIBNET11_INCOMPATIBLE_WITH_LIBCAP_NG); CASE_CODE (SC_WARN_FLOW_EMERGENCY); - CASE_CODE (SC_ERR_SVC); + CASE_CODE (SC_ERR_SVC); CASE_CODE (SC_ERR_ERF_DAG_OPEN_FAILED); CASE_CODE (SC_ERR_ERF_DAG_STREAM_OPEN_FAILED); CASE_CODE (SC_ERR_ERF_DAG_STREAM_START_FAILED); @@ -210,6 +210,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_AFP_READ); CASE_CODE (SC_ERR_AFP_DISPATCH); CASE_CODE (SC_ERR_CMD_LINE); + CASE_CODE (SC_ERR_SOCKET); default: return "UNKNOWN_ERROR"; diff --git a/src/util-error.h b/src/util-error.h index 4462b57..a3683a8 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -225,6 +225,7 @@ typedef enum { SC_ERR_CMD_LINE, SC_ERR_MAGIC_OPEN, SC_ERR_MAGIC_LOAD, + SC_ERR_SOCKET, } SCError; const char *SCErrorToString(SCError); 
diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
new file mode 100644
index 0000000..a9509a3
--- /dev/null
+++ b/src/util-logopenfile.c
@@ -0,0 +1,165 @@
+/* vi: set et ts=4: */
+/* Copyright (C) 2007-2011 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Mike Pomraning
+ *
+ * File-like output for logging: regular files and sockets.
+ */
+#include
+#include
+
+#include "suricata-common.h" /* errno.h, string.h, etc. */
+#include "tm-modules.h" /* LogFileCtx */
+#include "conf.h" /* ConfNode, etc. */
+#include "output.h" /* DEFAULT_LOG_* */
+
+/** \brief connect to the indicated local stream socket, logging any errors
+ * \param path filesystem path to connect to
+ * \retval FILE* on success (fdopen'd wrapper of underlying socket)
+ * \retval NULL on error
+ */
+static FILE *
+SCLogOpenUnixSocketFp(const char *path, int sock_type)
+{
+ struct sockaddr_un sun = {0};
+ int s = -1;
+ FILE * ret = NULL;
+
+ s = socket(PF_UNIX, sock_type, 0);
+ if (s < 0) goto err;
+
+ sun.sun_family = AF_UNIX;
+ strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1);
+
+ if (connect(s, (const struct sockaddr *)&sun, sizeof(sun)) < 0)
+ goto err;
+
+ ret = fdopen(s, "w");
+ if (ret == NULL)
+ goto err;
+
+ return ret;
+
+err:
+ SCLogError(SC_ERR_SOCKET, "Error connecting to socket \"%s\": %s",
+ path, strerror(errno));
+
+ if (s >= 0)
+ close(s);
+
+ return NULL;
+}
+
+/** \brief open the indicated file, logging any errors
+ * \param path filesystem path to open
+ * \param append_setting open file with O_APPEND: "yes" or "no"
+ * \retval FILE* on success
+ * \retval NULL on error
+ */
+static FILE *
+SCLogOpenFileFp(const char *path, const char *append_setting)
+{
+ FILE *ret = NULL;
+
+ if (strcasecmp(append_setting, "yes") == 0) {
+ ret = fopen(path, "a");
+ } else {
+ ret = fopen(path, "w");
+ }
+
+ if (ret == NULL)
+ SCLogError(SC_ERR_FOPEN, "Error opening file: \"%s\": %s",
+ path, strerror(errno));
+ return ret;
+}
+
+/** \brief open a generic output "log file", which may be a regular file or a socket
+ * \param conf ConfNode structure for the output section in question
+ * \param log_ctx Log file context allocated by caller
+ * \param default_filename Default name of file to open, if not specified in ConfNode
+ * \retval 0 on success
+ * \retval -1 on error
+ */
+int
+SCConfLogOpenGeneric(ConfNode *conf,
+ LogFileCtx *log_ctx,
+ const char *default_filename)
+{
+ char log_path[PATH_MAX];
+ char *log_dir;
+ const char *filename, *filetype;
+
+ // Arg check
+ if (conf == NULL || log_ctx == NULL || default_filename == NULL) {
+ SCLogError(SC_ERR_INVALID_ARGUMENT,
+ "SCConfLogOpenGeneric(conf %p, ctx %p, default %p) "
+ "missing an argument",
+ conf, log_ctx, default_filename);
+ return -1;
+ }
+ if (log_ctx->fp != NULL) {
+ SCLogError(SC_ERR_INVALID_ARGUMENT,
+ "SCConfLogOpenGeneric: previously initialized Log CTX "
+ "encountered");
+ return -1;
+ }
+
+ // Resolve the given config
+ filename = ConfNodeLookupChildValue(conf, "filename");
+ if (filename == NULL)
+ filename = default_filename;
+
+ if (ConfGet("default-log-dir", &log_dir) != 1)
+ log_dir = DEFAULT_LOG_DIR;
+
+ snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename);
+
+ filetype = ConfNodeLookupChildValue(conf, "filetype");
+ if (filetype == NULL)
+ filetype = DEFAULT_LOG_FILETYPE;
+
+ // Now, what have we been asked to open?
+ if (strcasecmp(filetype, "unix_stream") == 0) {
+ log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_STREAM);
+ } else if (strcasecmp(filetype, "unix_dgram") == 0) {
+ log_ctx->fp = SCLogOpenUnixSocketFp(log_path, SOCK_DGRAM);
+ } else if (strcasecmp(filetype, DEFAULT_LOG_FILETYPE) == 0) {
+ const char *append;
+
+ append = ConfNodeLookupChildValue(conf, "append");
+ if (append == NULL)
+ append = DEFAULT_LOG_MODE_APPEND;
+ log_ctx->fp = SCLogOpenFileFp(log_path, append);
+ } else {
+ SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for "
+ "%s.type. Expected \"regular\" (default), \"unix_stream\" "
+ "or \"unix_dgram\"",
+ conf->name);
+ }
+
+ if (log_ctx->fp == NULL)
+ return -1; // Error already logged by Open...Fp routine
+
+ SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype,
+ filename);
+
+ return 0;
+}
diff --git a/src/util-logopenfile.h b/src/util-logopenfile.h
new file mode 100644
index 0000000..a02bc5b
--- /dev/null
+++ b/src/util-logopenfile.h
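Review bot: The rejection branch at the end of SCConfLogOpenGeneric reports the offending key as `%s.type`, but the value it rejects was read with `ConfNodeLookupChildValue(conf, "filetype")`, so an operator following the message would edit the wrong key; the literal should read `"%s.filetype. Expected \"regular\" (default), \"unix_stream\" "`. In SCLogOpenUnixSocketFp, `strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1)` silently truncates a log_path longer than sun_path (commonly 108 bytes), so connect() is attempted against a shorter, different path than the one configured; reject the path up front with `if (strlen(path) >= sizeof(sun.sun_path)) { errno = ENAMETOOLONG; goto err; }` rather than letting the later ENOENT name the full path. The socket is wrapped with `fdopen(s, "w")` and is therefore fully buffered by stdio: with SOCK_DGRAM each datagram carries a buffer-sized chunk that can split a log line across datagrams, and with SOCK_STREAM a collector that closes its end turns the next flush into SIGPIPE, which terminates the sensor unless SIGPIPE is already ignored elsewhere (not visible in this patch) — `setvbuf(ret, NULL, _IOLBF, 0)` before returning would at least keep one record per write. The `snprintf(log_path, PATH_MAX, "%s/%s", ...)` result is also unchecked, so an over-long default-log-dir plus filename is truncated instead of rejected.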
@@ -0,0 +1,33 @@ +/* Copyright (C) 2007-2011 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Mike Pomraning + */ + +#ifndef __UTIL_LOGOPENFILE_H__ +#define __UTIL_LOGOPENFILE_H__ + +#include "conf.h" /* ConfNode */ +#include "tm-modules.h" /* LogFileCtx */ + +int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *, const char *); + +#endif /* __UTIL_LOGOPENFILE_H__ */ + -- 1.7.4.1 From b0aaf76764f7742c82736b9f629c06499e0d5693 Mon Sep 17 00:00:00 2001 From: pilcrow Date: Tue, 6 Dec 2011 11:51:09 -0600 Subject: [PATCH 2/5] Switch 'fast', 'http-log', 'drop' and 'alert-debug' to SCConfLogOpenGeneric. --- src/alert-debuglog.c | 52 ++++------------------------------------------- src/alert-fastlog.c | 47 +----------------------------------------- src/log-droplog.c | 46 +---------------------------------------- src/log-httplog.c | 54 +++++-------------------------------------------- 4 files changed, 15 insertions(+), 184 deletions(-) diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c index 830692f..35f29c4 100644 --- a/src/alert-debuglog.c +++ b/src/alert-debuglog.c @@ -54,6 +54,7 @@ #include "flow-bit.h" #include "util-var-name.h" #include "util-optimize.h" +#include "util-logopenfile.h" #define DEFAULT_LOG_FILENAME "alert-debug.log" 
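Review bot: The prototype `int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *, const char *);` drops the names of its second and third parameters, so a caller reading only the header cannot tell which argument is the default filename; keep them as in the definition, `int SCConfLogOpenGeneric(ConfNode *conf, LogFileCtx *log_ctx, const char *default_filename);`. A short Doxygen comment on the declaration would also help, stating that the function fills `log_ctx->fp` (which must be NULL on entry, since the definition rejects an already-initialized context), returns 0 on success and -1 on error, and has already logged the error when it fails — the four callers converted in this series all rely on exactly that `< 0` contract.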
@@ -65,7 +66,6 @@ TmEcode AlertDebugLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQ TmEcode AlertDebugLogThreadInit(ThreadVars *, void*, void **); TmEcode AlertDebugLogThreadDeinit(ThreadVars *, void *); void AlertDebugLogExitPrintStats(ThreadVars *, void *); -int AlertDebugLogOpenFileCtx(LogFileCtx* , const char *, const char *); void TmModuleAlertDebugLogRegister (void) { tmm_modules[TMM_ALERTDEBUGLOG].name = MODULE_NAME; @@ -447,23 +447,14 @@ OutputCtx *AlertDebugLogInitCtx(ConfNode *conf) LogFileCtx *file_ctx = NULL; file_ctx = LogFileNewCtx(); - if(file_ctx == NULL) { + if (file_ctx == NULL) { SCLogDebug("couldn't create new file_ctx"); goto error; } - const char *filename = ConfNodeLookupChildValue(conf, "filename"); - if (filename == NULL) - filename = DEFAULT_LOG_FILENAME; - - const char *mode = ConfNodeLookupChildValue(conf, "append"); - if (mode == NULL) - mode = DEFAULT_LOG_MODE_APPEND; - - /** fill the new LogFileCtx with the specific AlertDebugLog configuration */ - ret = AlertDebugLogOpenFileCtx(file_ctx, filename, mode); - if(ret < 0) + if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) { goto error; + } OutputCtx *output_ctx = SCMalloc(sizeof(OutputCtx)); if (output_ctx == NULL) @@ -473,7 +464,7 @@ OutputCtx *AlertDebugLogInitCtx(ConfNode *conf) output_ctx->data = file_ctx; output_ctx->DeInit = AlertDebugLogDeInitCtx; - SCLogInfo("Alert debug log output initialized, filename: %s", filename); + SCLogInfo("Alert debug log output initialized"); return output_ctx; error: 
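Review bot: In AlertDebugLogInitCtx the removed `ret = AlertDebugLogOpenFileCtx(file_ctx, filename, mode);` was the only assignment to `ret` visible here, and the replacement `if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0)` no longer uses it; if `ret` is still declared above this hunk (its declaration is outside the visible lines), it is now an unused variable and should be deleted, as the http-log patch in this series does with `int ret=0;`. AlertDebugLogInitCtx starts and ends outside the hunk.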
@@ -483,36 +474,3 @@ error: return NULL; } - -/** \brief Read the config set the file pointer, open the file - * \param file_ctx pointer to a created LogFileCtx using LogFileNewCtx() - * \param filename name of log file - * \param mode append mode (bool) - * \return -1 if failure, 0 if succesful - * */ -int AlertDebugLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, const - char *mode) -{ - char log_path[PATH_MAX]; - char *log_dir; - - if (ConfGet("default-log-dir", &log_dir) != 1) - log_dir = DEFAULT_LOG_DIR; - - snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename); - - if (ConfValIsTrue(mode)) { - file_ctx->fp = fopen(log_path, "a"); - } else { - file_ctx->fp = fopen(log_path, "w"); - } - - if (file_ctx->fp == NULL) { - SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, - strerror(errno)); - return -1; - } - - return 0; -} - diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c index c10bd3e..b0728c4 100644 --- a/src/alert-fastlog.c +++ b/src/alert-fastlog.c @@ -57,6 +57,7 @@ #include "util-print.h" #include "util-proto-name.h" #include "util-optimize.h" +#include "util-logopenfile.h" #define DEFAULT_LOG_FILENAME "fast.log" @@ -68,7 +69,6 @@ TmEcode AlertFastLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQu TmEcode AlertFastLogThreadInit(ThreadVars *, void *, void **); TmEcode AlertFastLogThreadDeinit(ThreadVars *, void *); void AlertFastLogExitPrintStats(ThreadVars *, void *); -static int AlertFastLogOpenFileCtx(LogFileCtx *, const char *, const char *); void AlertFastLogRegisterTests(void); static void AlertFastLogDeInitCtx(OutputCtx *); 
@@ -344,15 +344,7 @@ OutputCtx *AlertFastLogInitCtx(ConfNode *conf) return NULL; } - const char *filename = ConfNodeLookupChildValue(conf, "filename"); - if (filename == NULL) - filename = DEFAULT_LOG_FILENAME; - - const char *mode = ConfNodeLookupChildValue(conf, "append"); - if (mode == NULL) - mode = DEFAULT_LOG_MODE_APPEND; - - if (AlertFastLogOpenFileCtx(logfile_ctx, filename, mode) < 0) { + if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME) < 0) { LogFileFreeCtx(logfile_ctx); return NULL; } @@ -363,8 +355,6 @@ OutputCtx *AlertFastLogInitCtx(ConfNode *conf) output_ctx->data = logfile_ctx; output_ctx->DeInit = AlertFastLogDeInitCtx; - SCLogInfo("Fast log output initialized, filename: %s", filename); - return output_ctx; } @@ -375,39 +365,6 @@ static void AlertFastLogDeInitCtx(OutputCtx *output_ctx) SCFree(output_ctx); } -/** \brief Read the config set the file pointer, open the file - * \param file_ctx pointer to a created LogFileCtx using LogFileNewCtx() - * \param filename name of log file - * \param mode append mode (bool) - * \return -1 if failure, 0 if succesful - * */ -static int AlertFastLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, - const char *mode) -{ - char log_path[PATH_MAX]; - char *log_dir; - - if (ConfGet("default-log-dir", &log_dir) != 1) - log_dir = DEFAULT_LOG_DIR; - - snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename); - - if (ConfValIsTrue(mode)) { - file_ctx->fp = fopen(log_path, "a"); - } else { - file_ctx->fp = fopen(log_path, "w"); - } - - if (file_ctx->fp == NULL) { - SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, - strerror(errno)); - return -1; - } - - return 0; -} - - /*------------------------------Unittests-------------------------------------*/ #ifdef UNITTESTS diff --git a/src/log-droplog.c b/src/log-droplog.c index 7fcd040..6404a75 100644 --- a/src/log-droplog.c +++ b/src/log-droplog.c 
@@ -53,6 +53,7 @@ #include "util-privs.h" #include "util-print.h" #include "util-proto-name.h" +#include "util-logopenfile.h" #define DEFAULT_LOG_FILENAME "drop.log" @@ -66,7 +67,6 @@ TmEcode LogDropLogThreadInit(ThreadVars *, void *, void **); TmEcode LogDropLogThreadDeinit(ThreadVars *, void *); OutputCtx *LogDropLogInitCtx(ConfNode *); static void LogDropLogDeInitCtx(OutputCtx *); -static int LogDropLogOpenFileCtx(LogFileCtx *, const char *, const char *); void LogDropLogRegisterTests(void); void LogDropLogExitPrintStats(ThreadVars *, void *); @@ -152,15 +152,7 @@ OutputCtx *LogDropLogInitCtx(ConfNode *conf) return NULL; } - const char *filename = ConfNodeLookupChildValue(conf, "filename"); - if (filename == NULL) - filename = DEFAULT_LOG_FILENAME; - - const char *mode = ConfNodeLookupChildValue(conf, "append"); - if (mode == NULL) - mode = DEFAULT_LOG_MODE_APPEND; - - if (LogDropLogOpenFileCtx(logfile_ctx, filename, mode) < 0) { + if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME) < 0) { LogFileFreeCtx(logfile_ctx); return NULL; } @@ -173,8 +165,6 @@ OutputCtx *LogDropLogInitCtx(ConfNode *conf) output_ctx->data = logfile_ctx; output_ctx->DeInit = LogDropLogDeInitCtx; - SCLogInfo("Drop log output initialized, filename: %s", filename); - return output_ctx; } 
@@ -194,38 +184,6 @@ static void LogDropLogDeInitCtx(OutputCtx *output_ctx) } } -/** \brief Read the config set the file pointer, open the file - * \param file_ctx pointer to a created LogFileCtx using LogFileNewCtx() - * \param filename name of log file - * \param mode append mode (bool) - * \return -1 if failure, 0 if succesful - * */ -static int LogDropLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, - const char *mode) -{ - char log_path[PATH_MAX]; - char *log_dir; - - if (ConfGet("default-log-dir", &log_dir) != 1) - log_dir = DEFAULT_LOG_DIR; - - snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename); - - if (ConfValIsTrue(mode)) { - file_ctx->fp = fopen(log_path, "a"); - } else { - file_ctx->fp = fopen(log_path, "w"); - } - - if (file_ctx->fp == NULL) { - SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, - strerror(errno)); - return -1; - } - - return 0; -} - /** \brief Function to create the time string from the packet timestamp */ static void CreateTimeString (const struct timeval *ts, char *str, size_t size) { time_t time = ts->tv_sec; diff --git a/src/log-httplog.c b/src/log-httplog.c index e32a2ab..e6c6b4a 100644 --- a/src/log-httplog.c +++ b/src/log-httplog.c @@ -46,6 +46,8 @@ #include "app-layer.h" #include "util-privs.h" +#include "util-logopenfile.h" + #define DEFAULT_LOG_FILENAME "http.log" #define MODULE_NAME "LogHttpLog" @@ -56,7 +58,6 @@ TmEcode LogHttpLogIPv6(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueu TmEcode LogHttpLogThreadInit(ThreadVars *, void *, void **); TmEcode LogHttpLogThreadDeinit(ThreadVars *, void *); void LogHttpLogExitPrintStats(ThreadVars *, void *); -int LogHttpLogOpenFileCtx(LogFileCtx* , const char *, const char *); static void LogHttpLogDeInitCtx(OutputCtx *); void TmModuleLogHttpLogRegister (void) { 
@@ -402,8 +403,6 @@ void LogHttpLogExitPrintStats(ThreadVars *tv, void *data) { * */ OutputCtx *LogHttpLogInitCtx(ConfNode *conf) { - int ret=0; - LogFileCtx* file_ctx=LogFileNewCtx(); if(file_ctx == NULL) @@ -413,18 +412,10 @@ OutputCtx *LogHttpLogInitCtx(ConfNode *conf) return NULL; } - const char *filename = ConfNodeLookupChildValue(conf, "filename"); - if (filename == NULL) - filename = DEFAULT_LOG_FILENAME; - - const char *mode = ConfNodeLookupChildValue(conf, "append"); - if (mode == NULL) - mode = DEFAULT_LOG_MODE_APPEND; - /** fill the new LogFileCtx with the specific LogHttpLog configuration */ - ret=LogHttpLogOpenFileCtx(file_ctx, filename, mode); - - if(ret < 0) + if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) { + LogFileFreeCtx(file_ctx); return NULL; + } LogHttpFileCtx *httplog_ctx = SCCalloc(1, sizeof(LogHttpFileCtx)); if (httplog_ctx == NULL) @@ -445,7 +436,7 @@ OutputCtx *LogHttpLogInitCtx(ConfNode *conf) output_ctx->data = httplog_ctx; output_ctx->DeInit = LogHttpLogDeInitCtx; - SCLogInfo("HTTP log output initialized, filename: %s", filename); + SCLogInfo("HTTP log output initialized"); return output_ctx; } 
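Review bot: The new failure path `if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME) < 0) { LogFileFreeCtx(file_ctx); return NULL; }` correctly releases file_ctx, which the old `if(ret < 0) return NULL;` leaked, but the very next failure path — `if (httplog_ctx == NULL)` after `SCCalloc(1, sizeof(LogHttpFileCtx))` — is cut off by the hunk, and if it still returns NULL bare it leaks the open FILE* and the context the same way; it should also call `LogFileFreeCtx(file_ctx)` before returning. LogHttpLogInitCtx starts and ends outside the hunk.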
@@ -457,36 +448,3 @@ static void LogHttpLogDeInitCtx(OutputCtx *output_ctx) SCFree(httplog_ctx); SCFree(output_ctx); } - -/** \brief Read the config set the file pointer, open the file - * \param file_ctx pointer to a created LogFileCtx using LogFileNewCtx() - * \param filename name of log file - * \param mode append mode (bool) - * \return -1 if failure, 0 if succesful - * */ -int LogHttpLogOpenFileCtx(LogFileCtx *file_ctx, const char *filename, const - char *mode) -{ - char log_path[PATH_MAX]; - char *log_dir; - - if (ConfGet("default-log-dir", &log_dir) != 1) - log_dir = DEFAULT_LOG_DIR; - - snprintf(log_path, PATH_MAX, "%s/%s", log_dir, filename); - - if (ConfValIsTrue(mode)) { - file_ctx->fp = fopen(log_path, "a"); - } else { - file_ctx->fp = fopen(log_path, "w"); - } - - if (file_ctx->fp == NULL) { - SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, - strerror(errno)); - return -1; - } - - return 0; -} - -- 1.7.4.1 From fa7041507fa9783cf81afc4fe55223a2029e58b4 Mon Sep 17 00:00:00 2001 From: pilcrow Date: Tue, 6 Dec 2011 11:52:30 -0600 Subject: [PATCH 3/5] Touch up Makefile for SCConfLogOpenGeneric. --- src/Makefile.am | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 01daf44..d99bd21 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -273,7 +273,8 @@ util-action.c util-action.h \ win32-syslog.h \ util-profiling.c util-profiling.h \ cuda-packet-batcher.c cuda-packet-batcher.h \ -util-ioctl.h util-ioctl.c +util-ioctl.h util-ioctl.c \ +util-logopenfile.h util-logopenfile.c # set the include path found by configure INCLUDES= $(all_includes) -- 1.7.4.1 From 5db3de30a669940fde1ed4f26fd08b6214f37650 Mon Sep 17 00:00:00 2001 From: pilcrow Date: Tue, 6 Dec 2011 11:52:54 -0600 Subject: [PATCH 4/5] Document new "filetype" argument for 'fast', 'http-log', etc. --- suricata.yaml | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) 
diff --git a/suricata.yaml b/suricata.yaml index a63d078..1471dbb 100644 --- a/suricata.yaml +++ b/suricata.yaml @@ -50,6 +50,7 @@ outputs: enabled: yes filename: fast.log append: yes + #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' # alert output for use with Barnyard2 - unified2-alert: @@ -64,7 +65,8 @@ outputs: enabled: yes filename: http.log append: yes - #extended: yes # enable this for extended logging information + #extended: yes # enable this for extended logging information + #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' # a line based log to used with pcap file study. # this module is dedicated to offline pcap parsing (empty output @@ -107,6 +109,7 @@ outputs: enabled: no filename: alert-debug.log append: yes + #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' # alert output to prelude (http://www.prelude-technologies.com/) only # available if Suricata has been compiled with --enable-prelude @@ -138,6 +141,7 @@ outputs: enabled: yes filename: drop.log append: yes + #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' # output module to store extracted files to disk # -- 1.7.4.1 From 82ae65c3cb0ae3bcd158094f9bcbfabf033e0f4e Mon Sep 17 00:00:00 2001 From: pilcrow Date: Wed, 7 Dec 2011 09:57:35 -0600 Subject: [PATCH 5/5] Use strlcpy --- src/util-logopenfile.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c index a9509a3..62819fb 100644 --- a/src/util-logopenfile.c +++ b/src/util-logopenfile.c @@ -47,7 +47,7 @@ SCLogOpenUnixSocketFp(const char *path, int sock_type) if (s < 0) goto err; sun.sun_family = AF_UNIX; - strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1); + strlcpy(sun.sun_path, path, sizeof(sun.sun_path)); if (connect(s, (const struct sockaddr *)&sun, sizeof(sun)) < 0) goto err; -- 1.7.4.1
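Review bot: Switching `strncpy(sun.sun_path, path, sizeof(sun.sun_path) - 1)` to `strlcpy(sun.sun_path, path, sizeof(sun.sun_path))` guarantees NUL termination but still truncates silently, so a configured socket path longer than sun_path (typically 108 bytes) makes connect() try a different, shorter path, and the ENOENT that follows is reported against the full configured path rather than the real cause. strlcpy returns the length of the source string, so the truncation is detectable at the call site: `if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) { errno = ENAMETOOLONG; goto err; }` makes the existing error message in the `err:` block report "File name too long" for that path. SCLogOpenUnixSocketFp starts and ends outside this hunk.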