Suricata

DPDK does not have any logging callbacks implemented. I could however think of one solution.

There could be a separate thread called e.g. SC_DPDK_LOGGER. This thread would have access to a pipe. The pipe would receive logs from the DPDK and SC_DPDK_LOGGER thread would periodically read from this pipe. The content would then be parsed into individual messages where e.g. delimiter would be a newline character. Each message then can be logged through the SCLogInfo() logger in the SC_DPDK_LOGGER thread. On the DPDK side, the DPDK logging destination could be configured by using rte_openlog_stream(). The default logging destination for DPDK is stderr by default.

How this could work is illustrated on the image below.

Pros:

• all messages are logged through DPDK
• the output is unified

Cons:

• yet another management thread
• DPDK message output might not be instantaneous
• a quite complex solution and a bit hackish it seems

Would appreciate any feedback