Feature #118

closed

Support of PostgreSQL database logging

Added by Andrew A. Usenok about 14 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:

Description

I implemented the ability of logging alerts into a PostgreSQL database. If anyone is interested, a patch is attached.
This required a slight change to the definition of the structure named LogFileCtx. In fact, I turned it into an enumeration that contains the appropriate structures for a variety of contexts for output messages (file, database, syslog, etc.).
To make Suricata work with PostgreSQL, you should:
1. ./configure --enable-pgsql && make
2. edit suricata.yaml, specify the hostname and port of the PostgreSQL server, the database name and tables, as well as the user name and password to access the database.
Thereafter, the tables necessary for it to work will be created automatically.
Enjoy!
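Added illustration, not code from the attached patch or from Suricata itself: a tagged-union logging context in the spirit of the LogFileCtx to LogCtx change the description mentions, where the PostgreSQL backend emits a parameterized INSERT so alert text is bound as data rather than spliced into SQL. Every identifier here (LogCtx, LogCtxType, AlertRecord, LogCtxFormatAlert, ValidIdent) and the host/table config fields are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Added illustration, not code from the attached patch: a tagged-union logging
 * context in the spirit of the LogFileCtx -> LogCtx change described above.
 * Every name here (LogCtx, LogCtxType, AlertRecord, LogCtxFormatAlert) and the
 * pgsql fields host/table are assumptions, not the patch's own identifiers. */
typedef enum { LOG_CTX_FILE, LOG_CTX_PGSQL } LogCtxType;
typedef struct {
    LogCtxType type;
    union {
        struct { const char *path; } file;                     /* fast.log style */
        struct { const char *host; const char *table; } pgsql; /* from suricata.yaml */
    } u;
} LogCtx;

typedef struct {
    const char *sid;        /* signature id */
    const char *msg;        /* rule message: attacker-influenced, never trusted */
    const char *src, *dst;  /* endpoints as text */
} AlertRecord;

/* Only a plain SQL identifier may ever be spliced into statement text. */
static int ValidIdent(const char *s)
{
    if (s == NULL || *s == '\0') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_') return 0;
    return 1;
}

/* Render one alert for ctx->type. For PGSQL the SQL holds only $n placeholders;
 * the values travel in params[] for the driver to bind (PQexecParams), never
 * concatenated into the statement. Returns bound-param count, -1 on bad ctx. */
int LogCtxFormatAlert(const LogCtx *ctx, const AlertRecord *a,
                      char *out, size_t outlen, const char *params[4])
{
    switch (ctx->type) {
    case LOG_CTX_FILE:
        snprintf(out, outlen, "[**] [1:%s] %s [**] %s -> %s\n",
                 a->sid, a->msg, a->src, a->dst);
        return 0;
    case LOG_CTX_PGSQL:
        if (!ValidIdent(ctx->u.pgsql.table)) return -1;
        snprintf(out, outlen, "INSERT INTO %s (sid, msg, src, dst) VALUES ($1, $2, $3, $4)",
                 ctx->u.pgsql.table);
        params[0] = a->sid; params[1] = a->msg; params[2] = a->src; params[3] = a->dst;
        return 4;
    }
    return -1;
}
```

The table name is operator configuration and is validated as a bare identifier before it is spliced in; the alert fields, which an attacker can influence through the rule message, only ever reach the database as bound parameters.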


Files

suricata-pgsql.patch (208 KB) Andrew A. Usenok, 03/11/2010 11:32 AM
Actions #1

Updated by Victor Julien about 14 years ago

  • Target version changed from 0.8.1 to 0.8.2
Actions #2

Updated by Victor Julien about 14 years ago

Thanks Andrew. Personally when first creating Suricata my intention was to only have fastlog (for debugging) and unified* support, and have barnyard/barnyard2 handle all other connections/output types. Not everyone likes barnyard though and we also included the prelude support (even though it's disabled by default). So I'm a bit torn on including this... anyone else have an opinion on this?

Cheers,
Victor

Actions #3

Updated by Victor Julien about 14 years ago

  • Target version deleted (0.8.2)
Actions #4

Updated by Victor Julien about 14 years ago

  • Status changed from New to Feedback

This patch seems to be missing the important stuff, the alert-psgl-log.[ch] files.

One thing I noted is that it adds copyright claims to each file that is modified, no matter how trivial the change is (even one character changes).

In its current form this patch is not acceptable for inclusion.

Actions #5

Updated by Andrew A. Usenok about 14 years ago

This patch seems to be missing the important stuff, the alert-psgl-log.[ch] files.

Have you used programs like Kompare or Kdiff3 to view the patch? Look at lines 1776-1778 for alert-pgsql-log.c and 2049-2051 for alert-pgsql-log.h, does it not?
I don't know what alert-psgl-log.[ch] is.

One thing I noted is that it adds copyright claims to each file that is modified, no matter how trivial the change is (even one character changes).

Have you read the GNU GPL, under which your program is licensed?
"5. Conveying Modified Source Versions.
...
a) The work must carry prominent notices stating that you modified it, and giving a relevant date."

In its current form this patch is not acceptable for inclusion.

Thank you for your opinion.

Actions #6

Updated by Victor Julien about 14 years ago

Weird, kompare doesn't show the alert-pgsql-log.c and alert-pgsql.h files, just using a normal editor does.

Wrt copyright, not every change you make to code is copyrightable. Many of the changes are nothing more than renaming a variable. I'm pretty sure that's not a copyrightable change in any legal system. Example:

diff -crN 1/src/alert-prelude.h 2/src/alert-prelude.h
  • 1/src/alert-prelude.h 2010-02-19 20:47:52.000000000 +0300
    --- 2/src/alert-prelude.h 2010-03-11 14:45:50.339237253 +0300 *******
  • 1,9 ***
    /
    Copyright (c) 2010 Pierre Chifflier <> */
#ifndef ALERT_PRELUDE_H
#define ALERT_PRELUDE_H
void TmModuleAlertPreludeRegister (void);
! LogFileCtx *AlertPreludeInitCtx(ConfNode *conf);
#endif /* ALERT_PRELUDE_H /
--- 1,10 ----
+ /
Copyright (c) 2010 Andrew A. Usenok &lt;&gt; /
/
Copyright (c) 2010 Pierre Chifflier &lt;&gt; */
#ifndef ALERT_PRELUDE_H
#define ALERT_PRELUDE_H
void TmModuleAlertPreludeRegister (void);
! LogCtx *AlertPreludeInitCtx(ConfNode *conf);
#endif /* ALERT_PRELUDE_H */
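Review bot: the only substantive change in this hunk is the return type of AlertPreludeInitCtx, from LogFileCtx * to LogCtx *, so the new "Copyright (c) 2010 Andrew A. Usenok" line placed above Pierre Chifflier's notice is not justified by a one-identifier rename in a header; drop the added header lines and keep the existing notice intact. Since AlertPreludeInitCtx is a public prototype, the same patch must also change its definition in alert-prelude.c and every caller of it, or the build breaks.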

The only change here is the rename from LogFileCtx to LogCtx.

Actions #7

Updated by Andrew A. Usenok about 14 years ago

The main purpose of this is to mark files that have changed, regardless of the nature and quantity of the changes.
In general, it is a minor point, and you can always remove them, but the GPL insists on their presence.

Actions #8

Updated by Victor Julien about 14 years ago

The issue is kind of academic anyway, as the codebase has moved on quite a bit since this patch. We have already moved from the LogFileCtx to a more general OutputCtx that is more suitable for non-file based logging modules like the one you wrote. If you're interested, please update your patch to our current git master.

If you'd like the updated patch to be included in our codebase I have to ask you to sign our contributors agreement, found here: http://www.openinfosecfoundation.org/index.php/contributors . In short, it assigns the copyright to the (non-profit) foundation, but naturally you get the credits!

Actions #9

Updated by Victor Julien about 13 years ago

  • Due date deleted (03/11/2010)
  • Status changed from Feedback to Closed
  • % Done changed from 100 to 0

Original contributor/submitter isn't responding. Code is not usable in its current form. Closing.
