/src/suricata7/src/output-eve-syslog.c
1 | | /* vi: set et ts=4: */ |
2 | | /* Copyright (C) 2021 Open Information Security Foundation |
3 | | * |
4 | | * You can copy, redistribute or modify this Program under the terms of |
5 | | * the GNU General Public License version 2 as published by the Free |
6 | | * Software Foundation. |
7 | | * |
8 | | * This program is distributed in the hope that it will be useful, |
9 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
10 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
11 | | * GNU General Public License for more details. |
12 | | * |
13 | | * You should have received a copy of the GNU General Public License |
14 | | * version 2 along with this program; if not, write to the Free Software |
15 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
16 | | * 02110-1301, USA. |
17 | | */ |
18 | | |
19 | | /** |
20 | | * \file |
21 | | * |
22 | | * \author Mike Pomraning <mpomraning@qualys.com> |
23 | | * \author Jeff Lucovsky <jeff@lucovsky.org> |
24 | | * |
25 | | * File-like output for logging: syslog |
26 | | */ |
27 | | |
28 | | #include "suricata-common.h" /* errno.h, string.h, etc. */ |
29 | | #include "output.h" /* DEFAULT_LOG_* */ |
30 | | #include "output-eve-syslog.h" |
31 | | #include "util-syslog.h" |
32 | | |
33 | | #ifdef OS_WIN32 |
/* No syslog on Windows: this stub registers nothing, so the "syslog" EVE
 * file type is unavailable on that platform. */
void SyslogInitialize(void)
{
}
37 | | #else /* !OS_WIN32 */ |
38 | 74 | #define OUTPUT_NAME "syslog" |
39 | | |
/* Per-output state handed back from SyslogInit via init_data and
 * released by SyslogDeInit. */
typedef struct Context_ {
    /* Priority passed to syslog() for every record. Set from the "level"
     * config child when that name is recognised; otherwise it keeps the
     * zeroed value, which is LOG_EMERG in POSIX <syslog.h>. */
    int alert_syslog_level;
} Context;
43 | | |
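/**
 * \brief Initialise the syslog EVE output from its config node.
 *
 * Reads the "facility", "level" and "identity" children of \p conf,
 * opens the process-wide syslog session and hands the allocated
 * Context back through \p init_data.
 *
 * \param conf       config node of this output
 * \param threaded   unused; the syslog session is process-wide
 * \param init_data  receives the heap-allocated Context on success
 *                   (ownership passes to the caller, freed by SyslogDeInit)
 * \retval 0 on success
 * \retval -1 if the Context could not be allocated
 */
static int SyslogInit(ConfNode *conf, bool threaded, void **init_data)
{
    (void)threaded;

    Context *context = SCCalloc(1, sizeof(*context));
    if (context == NULL) {
        SCLogError("Unable to allocate context for %s", OUTPUT_NAME);
        return -1;
    }

    /* Facility: fall back to the default when unset or unrecognised. */
    const char *facility_s = ConfNodeLookupChildValue(conf, "facility");
    if (facility_s == NULL) {
        facility_s = DEFAULT_ALERT_SYSLOG_FACILITY_STR;
    }
    int facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap());
    if (facility == -1) {
        SCLogWarning("Invalid syslog facility: \"%s\","
                     " now using \"%s\" as syslog facility",
                facility_s, DEFAULT_ALERT_SYSLOG_FACILITY_STR);
        facility = DEFAULT_ALERT_SYSLOG_FACILITY;
        /* keep the startup notice below truthful about what is in use */
        facility_s = DEFAULT_ALERT_SYSLOG_FACILITY_STR;
    }

    /* Level: applied only when the name is known. Otherwise the calloc()ed
     * context keeps level 0, which is LOG_EMERG in POSIX <syslog.h>; a
     * misspelt level therefore used to pass silently, so warn about it. */
    const char *level_s = ConfNodeLookupChildValue(conf, "level");
    if (level_s != NULL) {
        int level = SCMapEnumNameToValue(level_s, SCSyslogGetLogLevelMap());
        if (level != -1) {
            context->alert_syslog_level = level;
        } else {
            SCLogWarning("Invalid syslog level: \"%s\", ignoring it", level_s);
        }
    }

    const char *ident = ConfNodeLookupChildValue(conf, "identity");
    /* if null we just pass that to openlog, which will then
     * figure it out by itself. */

    /* NOTE(review): openlog() may retain the ident pointer instead of
     * copying it (glibc does), so the config string must stay valid for
     * the life of the syslog session — presumably the config tree does;
     * confirm. */
    openlog(ident, LOG_PID | LOG_NDELAY, facility);

    /* level_s and ident may be NULL here; passing NULL for "%s" is
     * undefined behaviour, so substitute a placeholder in the notice. */
    SCLogNotice("Syslog: facility %s, level %s, ident %s", facility_s,
            level_s != NULL ? level_s : "(default)", ident != NULL ? ident : "(default)");

    *init_data = context;
    return 0;
}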
81 | | |
/**
 * \brief Emit one EVE record to syslog at the configured level.
 *
 * \param buffer      record text; assumed NUL-terminated since buffer_len
 *                    is not consulted — TODO confirm against the EVE writer
 * \param buffer_len  unused
 * \param init_data   Context produced by SyslogInit
 * \param thread_data unused
 * \retval 0 always
 */
static int SyslogWrite(const char *buffer, int buffer_len, void *init_data, void *thread_data)
{
    (void)buffer_len;
    (void)thread_data;

    const Context *ctx = init_data;

    /* The record is passed as an argument to a fixed "%s" format, so any
     * '%' sequences inside the event text are never treated as directives. */
    syslog(ctx->alert_syslog_level, "%s", buffer);

    return 0;
}
89 | | |
/**
 * \brief Close the syslog session and release the Context from SyslogInit.
 *
 * \param init_data  Context allocated by SyslogInit; NULL is a no-op
 */
static void SyslogDeInit(void *init_data)
{
    if (init_data == NULL) {
        return;
    }

    closelog();
    SCFree(init_data);
}
97 | | |
/**
 * \brief Register the "syslog" EVE file type with its callbacks.
 *
 * Terminates the process via FatalError if the descriptor cannot be
 * allocated or the registration is refused; the descriptor is handed to
 * the registry and not freed here.
 */
void SyslogInitialize(void)
{
    SCEveFileType *ft = SCCalloc(1, sizeof(*ft));
    if (ft == NULL) {
        FatalError("Unable to allocate memory for eve file type %s", OUTPUT_NAME);
    }

    ft->name = OUTPUT_NAME;
    ft->Init = SyslogInit;
    ft->Deinit = SyslogDeInit;
    ft->Write = SyslogWrite;

    if (!SCRegisterEveFileType(ft)) {
        FatalError("Failed to register EVE file type: %s", OUTPUT_NAME);
    }
}
114 | | #endif /* !OS_WIN32 */ |