suricata
log-tlslog.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2014 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Roliers Jean-Paul <popof.fpn@gmail.co>
22 * \author Eric Leblond <eric@regit.org>
23 * \author Victor Julien <victor@inliniac.net>
24 * \author Paulo Pacheco <fooinha@gmail.com>
25 *
26 * Implements TLS logging portion of the engine.
27 */
28
29#include "suricata-common.h"
30#include "conf.h"
31
32#include "threadvars.h"
33
34#include "util-print.h"
35#include "util-debug.h"
36
37#include "output.h"
38#include "log-tlslog.h"
39#include "app-layer-ssl.h"
40#include "app-layer-parser.h"
41#include "util-buffer.h"
42
43#include "util-logopenfile.h"
44#include "util-time.h"
45#include "log-cf-common.h"
46
47#define DEFAULT_LOG_FILENAME "tls.log"
48
49#define MODULE_NAME "LogTlsLog"
50
51#define PRINT_BUF_LEN 46
52
53#define OUTPUT_BUFFER_SIZE 65535
54
55#define LOG_TLS_DEFAULT 0
56#define LOG_TLS_EXTENDED 1
57#define LOG_TLS_CUSTOM 2
58
59#define LOG_TLS_SESSION_RESUMPTION 4
60
61#define LOG_TLS_CF_VERSION 'v'
62#define LOG_TLS_CF_DATE_NOT_BEFORE 'd'
63#define LOG_TLS_CF_DATE_NOT_AFTER 'D'
64#define LOG_TLS_CF_SHA1 'f'
65#define LOG_TLS_CF_SNI 'n'
66#define LOG_TLS_CF_SUBJECT 's'
67#define LOG_TLS_CF_ISSUER 'i'
68#define LOG_TLS_CF_EXTENDED 'E'
69
70typedef struct LogTlsFileCtx_ {
72 uint32_t flags; /** Store mode */
75
80
81int TLSGetIPInformations(const Packet *p, char *srcip, socklen_t srcip_len, Port *sp, char *dstip,
82 socklen_t dstip_len, Port *dp, int ipproto)
83{
84 if ((PKT_IS_TOSERVER(p))) {
85 switch (ipproto) {
86 case AF_INET:
87 PrintInet(AF_INET, (const void *) GET_IPV4_SRC_ADDR_PTR(p),
88 srcip, srcip_len);
89 PrintInet(AF_INET, (const void *) GET_IPV4_DST_ADDR_PTR(p),
90 dstip, dstip_len);
91 break;
92 case AF_INET6:
93 PrintInet(AF_INET6, (const void *) GET_IPV6_SRC_ADDR(p), srcip,
94 srcip_len);
95 PrintInet(AF_INET6, (const void *) GET_IPV6_DST_ADDR(p), dstip,
96 dstip_len);
97 break;
98 default:
99 return 0;
100 }
101 *sp = p->sp;
102 *dp = p->dp;
103 } else {
104 switch (ipproto) {
105 case AF_INET:
106 PrintInet(AF_INET, (const void *) GET_IPV4_DST_ADDR_PTR(p),
107 srcip, srcip_len);
108 PrintInet(AF_INET, (const void *) GET_IPV4_SRC_ADDR_PTR(p),
109 dstip, dstip_len);
110 break;
111 case AF_INET6:
112 PrintInet(AF_INET6, (const void *) GET_IPV6_DST_ADDR(p), srcip,
113 srcip_len);
114 PrintInet(AF_INET6, (const void *) GET_IPV6_SRC_ADDR(p), dstip,
115 dstip_len);
116 break;
117 default:
118 return 0;
119 }
120 *sp = p->dp;
121 *dp = p->sp;
122 }
123 return 1;
124}
125
126static TmEcode LogTlsLogThreadInit(ThreadVars *t, const void *initdata,
127 void **data)
128{
129 LogTlsLogThread *aft = SCCalloc(1, sizeof(LogTlsLogThread));
130 if (unlikely(aft == NULL))
131 return TM_ECODE_FAILED;
132
133 if (initdata == NULL) {
134 SCLogDebug("Error getting context for TLSLog. \"initdata\" argument NULL");
135 SCFree(aft);
136 return TM_ECODE_FAILED;
137 }
138
140 if (aft->buffer == NULL) {
141 SCFree(aft);
142 return TM_ECODE_FAILED;
143 }
144
145 /* Use the Output Context (file pointer and mutex) */
146 aft->tlslog_ctx = ((OutputCtx *) initdata)->data;
147
148 *data = (void *)aft;
149 return TM_ECODE_OK;
150}
151
152static TmEcode LogTlsLogThreadDeinit(ThreadVars *t, void *data)
153{
154 LogTlsLogThread *aft = (LogTlsLogThread *)data;
155 if (aft == NULL) {
156 return TM_ECODE_OK;
157 }
158
159 MemBufferFree(aft->buffer);
160 memset(aft, 0, sizeof(LogTlsLogThread));
161
162 SCFree(aft);
163 return TM_ECODE_OK;
164}
165
166static void LogTlsLogDeInitCtx(OutputCtx *output_ctx)
167{
168 LogTlsFileCtx *tlslog_ctx = (LogTlsFileCtx *) output_ctx->data;
169 LogFileFreeCtx(tlslog_ctx->file_ctx);
170 LogCustomFormatFree(tlslog_ctx->cf);
171 SCFree(tlslog_ctx);
172 SCFree(output_ctx);
173}
174
175/** \brief Create a new tls log LogFileCtx.
176 * \param conf Pointer to ConfNode containing this loggers configuration.
177 * \return NULL if failure, LogFileCtx* to the file_ctx if succesful
178 * */
179static OutputInitResult LogTlsLogInitCtx(SCConfNode *conf)
180{
181 SCLogWarning("The tls-log output has been deprecated and will be removed in Suricata 9.0.");
182
183 OutputInitResult result = { NULL, false };
184 LogFileCtx* file_ctx = LogFileNewCtx();
185
186 if (file_ctx == NULL) {
187 SCLogError("LogTlsLogInitCtx: Couldn't "
188 "create new file_ctx");
189 return result;
190 }
191
192 if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
193 goto filectx_error;
194 }
195
196 LogTlsFileCtx *tlslog_ctx = SCCalloc(1, sizeof(LogTlsFileCtx));
197 if (unlikely(tlslog_ctx == NULL)) {
198 goto filectx_error;
199 }
200 tlslog_ctx->file_ctx = file_ctx;
201
202 const char *extended = SCConfNodeLookupChildValue(conf, "extended");
203 const char *custom = SCConfNodeLookupChildValue(conf, "custom");
204 const char *customformat = SCConfNodeLookupChildValue(conf, "customformat");
205
206 /* If custom logging format is selected, lets parse it */
207 if (custom != NULL && customformat != NULL && SCConfValIsTrue(custom)) {
208 tlslog_ctx->cf = LogCustomFormatAlloc();
209 if (!tlslog_ctx->cf) {
210 goto tlslog_error;
211 }
212
213 tlslog_ctx->flags |= LOG_TLS_CUSTOM;
214
215 if (!LogCustomFormatParse(tlslog_ctx->cf, customformat)) {
216 goto parser_error;
217 }
218 } else {
219 if (extended == NULL) {
220 tlslog_ctx->flags |= LOG_TLS_DEFAULT;
221 } else {
222 if (SCConfValIsTrue(extended)) {
223 tlslog_ctx->flags |= LOG_TLS_EXTENDED;
224 }
225 }
226 }
227
228 const char *resumption = SCConfNodeLookupChildValue(conf, "session-resumption");
229 if (resumption == NULL || SCConfValIsTrue(resumption)) {
230 tlslog_ctx->flags |= LOG_TLS_SESSION_RESUMPTION;
231 }
232
233 OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
234 if (unlikely(output_ctx == NULL)) {
235 goto tlslog_error;
236 }
237 output_ctx->data = tlslog_ctx;
238 output_ctx->DeInit = LogTlsLogDeInitCtx;
239
240 SCLogDebug("TLS log output initialized");
241
242 /* Enable the logger for the app layer */
244
245 result.ctx = output_ctx;
246 result.ok = true;
247 return result;
248
249parser_error:
250 SCLogError("Syntax error in custom tls log "
251 "format string.");
252tlslog_error:
253 LogCustomFormatFree(tlslog_ctx->cf);
254 SCFree(tlslog_ctx);
255filectx_error:
256 LogFileFreeCtx(file_ctx);
257 return result;
258}
259
260static void LogTlsLogVersion(MemBuffer *buffer, uint16_t version)
261{
262 char ssl_version[SSL_VERSION_MAX_STRLEN];
263 SSLVersionToString(version, ssl_version);
264 MemBufferWriteString(buffer, "VERSION='%s'", ssl_version);
265}
266
267static void LogTlsLogDate(MemBuffer *buffer, const char *title, int64_t *date)
268{
269 char timebuf[64] = {0};
270 if (sc_x509_format_timestamp(*date, timebuf, sizeof(timebuf))) {
271 MemBufferWriteString(buffer, "%s='%s'", title, timebuf);
272 }
273}
274
275static void LogTlsLogString(MemBuffer *buffer, const char *title,
276 const char *value)
277{
278 MemBufferWriteString(buffer, "%s='%s'", title, value);
279}
280
281static void LogTlsLogBasic(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
282 char *srcip, Port sp, char *dstip, Port dp)
283{
284 char timebuf[64];
285 CreateTimeString(ts, timebuf, sizeof(timebuf));
287 "%s %s:%d -> %s:%d TLS:",
288 timebuf, srcip, sp, dstip, dp);
289
290 if (ssl_state->server_connp.cert0_subject != NULL) {
291 MemBufferWriteString(aft->buffer, " Subject='%s'",
292 ssl_state->server_connp.cert0_subject);
293 }
294
295 if (ssl_state->server_connp.cert0_issuerdn != NULL) {
296 MemBufferWriteString(aft->buffer, " Issuerdn='%s'",
297 ssl_state->server_connp.cert0_issuerdn);
298 }
299
300 if (ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) {
301 /* Only log a session as 'resumed' if a certificate has not
302 been seen. */
303 if ((ssl_state->server_connp.cert0_issuerdn == NULL) &&
304 (ssl_state->server_connp.cert0_subject == NULL) &&
305 (ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
306 ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0)) {
307 MemBufferWriteString(aft->buffer, " Session='resumed'");
308 }
309 }
310}
311
312static void LogTlsLogExtended(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
313 char *srcip, Port sp, char *dstip, Port dp)
314{
315 if (ssl_state->server_connp.cert0_fingerprint != NULL) {
317 LogTlsLogString(aft->buffer, "SHA1",
319 }
320 if (ssl_state->client_connp.sni != NULL) {
322 LogTlsLogString(aft->buffer, "SNI", ssl_state->client_connp.sni);
323 }
324 if (ssl_state->server_connp.cert0_serial != NULL) {
326 LogTlsLogString(aft->buffer, "SERIAL",
327 ssl_state->server_connp.cert0_serial);
328 }
329
331 LogTlsLogVersion(aft->buffer, ssl_state->server_connp.version);
332
333 if (ssl_state->server_connp.cert0_not_before != 0) {
335 LogTlsLogDate(aft->buffer, "NOTBEFORE",
336 &ssl_state->server_connp.cert0_not_before);
337 }
338 if (ssl_state->server_connp.cert0_not_after != 0) {
340 LogTlsLogDate(aft->buffer, "NOTAFTER",
341 &ssl_state->server_connp.cert0_not_after);
342 }
343}
344
345/* Custom format logging */
346static void LogTlsLogCustom(LogTlsLogThread *aft, SSLState *ssl_state, const SCTime_t ts,
347 char *srcip, Port sp, char *dstip, Port dp)
348{
349 LogTlsFileCtx *tlslog_ctx = aft->tlslog_ctx;
350 uint32_t i;
351 char buf[64];
352
353 for (i = 0; i < tlslog_ctx->cf->cf_n; i++)
354 {
355 LogCustomFormatNode *node = tlslog_ctx->cf->cf_nodes[i];
356 if (!node) /* Should never happen */
357 continue;
358
359 switch (node->type) {
360 case LOG_CF_LITERAL:
361 /* LITERAL */
362 MemBufferWriteString(aft->buffer, "%s", node->data);
363 break;
364 case LOG_CF_TIMESTAMP:
365 /* TIMESTAMP */
367 break;
369 /* TIMESTAMP USECONDS */
370 snprintf(buf, sizeof(buf), "%06u", (unsigned int)SCTIME_USECS(ts));
371 PrintRawUriBuf((char *)aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
372 (uint8_t *)buf, MIN(strlen(buf), 6));
373 break;
374 case LOG_CF_CLIENT_IP:
375 /* CLIENT IP ADDRESS */
376 PrintRawUriBuf((char *)aft->buffer->buffer,
377 &aft->buffer->offset, aft->buffer->size,
378 (uint8_t *)srcip,strlen(srcip));
379 break;
380 case LOG_CF_SERVER_IP:
381 /* SERVER IP ADDRESS */
382 PrintRawUriBuf((char *)aft->buffer->buffer,
383 &aft->buffer->offset, aft->buffer->size,
384 (uint8_t *)dstip, strlen(dstip));
385 break;
387 /* CLIENT PORT */
388 MemBufferWriteString(aft->buffer, "%" PRIu16 "", sp);
389 break;
391 /* SERVER PORT */
392 MemBufferWriteString(aft->buffer, "%" PRIu16 "", dp);
393 break;
395 LogTlsLogVersion(aft->buffer, ssl_state->server_connp.version);
396 break;
398 LogTlsLogDate(aft->buffer, "NOTBEFORE",
399 &ssl_state->server_connp.cert0_not_before);
400 break;
402 LogTlsLogDate(aft->buffer, "NOTAFTER",
403 &ssl_state->server_connp.cert0_not_after);
404 break;
405 case LOG_TLS_CF_SHA1:
406 if (ssl_state->server_connp.cert0_fingerprint != NULL) {
407 MemBufferWriteString(aft->buffer, "%s",
409 } else {
411 }
412 break;
413 case LOG_TLS_CF_SNI:
414 if (ssl_state->client_connp.sni != NULL) {
415 MemBufferWriteString(aft->buffer, "%s",
416 ssl_state->client_connp.sni);
417 } else {
419 }
420 break;
422 if (ssl_state->server_connp.cert0_subject != NULL) {
423 MemBufferWriteString(aft->buffer, "%s",
424 ssl_state->server_connp.cert0_subject);
425 } else {
427 }
428 break;
430 if (ssl_state->server_connp.cert0_issuerdn != NULL) {
431 MemBufferWriteString(aft->buffer, "%s",
432 ssl_state->server_connp.cert0_issuerdn);
433 } else {
435 }
436 break;
438 /* Extended format */
439 LogTlsLogExtended(aft, ssl_state, ts, srcip, sp, dstip, dp);
440 break;
441 default:
442 /* NO MATCH */
444 SCLogDebug("No matching parameter %%%c for custom tls log.",
445 node->type);
446 break;
447 }
448 }
449}
450
451
452static int LogTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p,
453 Flow *f, void *state, void *tx, uint64_t tx_id)
454{
455 LogTlsLogThread *aft = (LogTlsLogThread *)thread_data;
456 LogTlsFileCtx *hlog = aft->tlslog_ctx;
457 int ipproto = (PacketIsIPv4(p)) ? AF_INET : AF_INET6;
458
459 SSLState *ssl_state = (SSLState *)state;
460 if (unlikely(ssl_state == NULL)) {
461 return 0;
462 }
463
464 if (((hlog->flags & LOG_TLS_SESSION_RESUMPTION) == 0 ||
465 (ssl_state->flags & SSL_AL_FLAG_SESSION_RESUMED) == 0) &&
466 (ssl_state->server_connp.cert0_issuerdn == NULL ||
467 ssl_state->server_connp.cert0_subject == NULL) &&
468 ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0)) {
469 return 0;
470 }
471
472 char srcip[PRINT_BUF_LEN], dstip[PRINT_BUF_LEN];
473
474 Port sp, dp;
475 if (!TLSGetIPInformations(p, srcip, PRINT_BUF_LEN, &sp, dstip,
476 PRINT_BUF_LEN, &dp, ipproto)) {
477 return 0;
478 }
479
480 MemBufferReset(aft->buffer);
481
482 if (hlog->flags & LOG_TLS_CUSTOM) {
483 LogTlsLogCustom(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
484 } else if (hlog->flags & LOG_TLS_EXTENDED) {
485 LogTlsLogBasic(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
486 LogTlsLogExtended(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
487 } else {
488 LogTlsLogBasic(aft, ssl_state, p->ts, srcip, sp, dstip, dp);
489 }
490
491 MemBufferWriteString(aft->buffer, "\n");
492
493 hlog->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
494 MEMBUFFER_OFFSET(aft->buffer), hlog->file_ctx);
495
496 return 0;
497}
498
500{
501 OutputRegisterTxModuleWithProgress(LOGGER_TLS, MODULE_NAME, "tls-log", LogTlsLogInitCtx,
503 TLS_STATE_SERVER_HANDSHAKE_DONE, LogTlsLogThreadInit, LogTlsLogThreadDeinit);
504}
void SCAppLayerParserRegisterLogger(uint8_t ipproto, AppProto alproto)
@ ALPROTO_TLS
#define SSL_AL_FLAG_STATE_SERVER_HELLO
#define SSL_AL_FLAG_LOG_WITHOUT_CERT
#define SSL_AL_FLAG_SESSION_RESUMED
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
int SCConfValIsTrue(const char *val)
Check if a value is true.
Definition conf.c:551
const char * SCConfNodeLookupChildValue(const SCConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition conf.c:824
uint8_t version
Definition decode-gre.h:1
#define GET_IPV6_DST_ADDR(p)
Definition decode.h:204
#define GET_IPV4_SRC_ADDR_PTR(p)
Definition decode.h:198
#define GET_IPV6_SRC_ADDR(p)
Definition decode.h:203
#define PKT_IS_TOSERVER(p)
Definition decode.h:238
uint16_t Port
Definition decode.h:218
#define GET_IPV4_DST_ADDR_PTR(p)
Definition decode.h:199
ThreadVars * tv
void LogCustomFormatWriteTimestamp(MemBuffer *buffer, const char *fmt, const SCTime_t ts)
Writes a timestamp with given format into a MemBuffer.
void LogCustomFormatFree(LogCustomFormat *cf)
Frees memory held by a custom format.
LogCustomFormat * LogCustomFormatAlloc(void)
Creates a custom format.
int LogCustomFormatParse(LogCustomFormat *cf, const char *format)
Parses and saves format nodes for custom format.
#define LOG_CF_TIMESTAMP
#define LOG_CF_NONE
#define LOG_CF_CLIENT_PORT
#define LOG_CF_SERVER_PORT
#define LOG_CF_LITERAL
#define LOG_CF_TIMESTAMP_U
#define LOG_CF_CLIENT_IP
#define LOG_CF_SERVER_IP
#define LOG_CF_WRITE_UNKNOWN_VALUE(buffer)
#define LOG_CF_WRITE_SPACE_SEPARATOR(buffer)
#define MODULE_NAME
Definition log-tlslog.c:49
#define LOG_TLS_SESSION_RESUMPTION
Definition log-tlslog.c:59
#define OUTPUT_BUFFER_SIZE
Definition log-tlslog.c:53
int TLSGetIPInformations(const Packet *p, char *srcip, socklen_t srcip_len, Port *sp, char *dstip, socklen_t dstip_len, Port *dp, int ipproto)
Definition log-tlslog.c:81
#define LOG_TLS_CUSTOM
Definition log-tlslog.c:57
struct LogTlsFileCtx_ LogTlsFileCtx
#define LOG_TLS_EXTENDED
Definition log-tlslog.c:56
#define PRINT_BUF_LEN
Definition log-tlslog.c:51
#define LOG_TLS_CF_DATE_NOT_BEFORE
Definition log-tlslog.c:62
#define LOG_TLS_CF_SUBJECT
Definition log-tlslog.c:66
#define LOG_TLS_DEFAULT
Definition log-tlslog.c:55
#define DEFAULT_LOG_FILENAME
Definition log-tlslog.c:47
#define LOG_TLS_CF_ISSUER
Definition log-tlslog.c:67
void LogTlsLogRegister(void)
Definition log-tlslog.c:499
#define LOG_TLS_CF_SHA1
Definition log-tlslog.c:64
#define LOG_TLS_CF_DATE_NOT_AFTER
Definition log-tlslog.c:63
#define LOG_TLS_CF_VERSION
Definition log-tlslog.c:61
#define LOG_TLS_CF_SNI
Definition log-tlslog.c:65
struct LogTlsLogThread_ LogTlsLogThread
#define LOG_TLS_CF_EXTENDED
Definition log-tlslog.c:68
void OutputRegisterTxModuleWithProgress(LoggerId id, const char *name, const char *conf_name, OutputInitFunc InitFunc, AppProto alproto, TxLogger TxLogFunc, int tc_log_progress, int ts_log_progress, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit)
Register a tx output module with progress.
Definition output.c:373
uint64_t ts
Flow data structure.
Definition flow.h:356
char data[LOG_NODE_STRLEN]
LogCustomFormatNode * cf_nodes[LOG_MAXN_NODES]
int(* Write)(const char *buffer, int buffer_len, struct LogFileCtx_ *fp)
uint32_t flags
Definition log-tlslog.c:72
LogCustomFormat * cf
Definition log-tlslog.c:73
LogFileCtx * file_ctx
Definition log-tlslog.c:71
LogTlsFileCtx * tlslog_ctx
Definition log-tlslog.c:77
MemBuffer * buffer
Definition log-tlslog.c:78
uint8_t buffer[]
Definition util-buffer.h:30
uint32_t size
Definition util-buffer.h:28
uint32_t offset
Definition util-buffer.h:29
void * data
Definition tm-modules.h:91
void(* DeInit)(struct OutputCtx_ *)
Definition tm-modules.h:94
OutputCtx * ctx
Definition output.h:47
SCTime_t ts
Definition decode.h:555
Port sp
Definition decode.h:508
Port dp
Definition decode.h:516
char * cert0_fingerprint
int64_t cert0_not_after
int64_t cert0_not_before
SSLv[2.0|3.[0|1|2|3]] state structure.
SSLStateConnp server_connp
SSLStateConnp client_connp
uint32_t flags
Per thread variable structure.
Definition threadvars.h:58
#define MIN(x, y)
@ LOGGER_TLS
@ TM_ECODE_FAILED
@ TM_ECODE_OK
void MemBufferWriteString(MemBuffer *dst, const char *fmt,...)
MemBuffer * MemBufferCreateNew(uint32_t size)
Definition util-buffer.c:32
void MemBufferFree(MemBuffer *buffer)
Definition util-buffer.c:86
#define MEMBUFFER_BUFFER(mem_buffer)
Get the MemBuffers underlying buffer.
Definition util-buffer.h:51
#define MEMBUFFER_OFFSET(mem_buffer)
Get the MemBuffers current offset.
Definition util-buffer.h:56
#define SCLogDebug(...)
Definition util-debug.h:275
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition util-debug.h:255
#define SCLogError(...)
Macro used to log ERROR messages.
Definition util-debug.h:267
int LogFileFreeCtx(LogFileCtx *lf_ctx)
LogFileFreeCtx() Destroy a LogFileCtx (Close the file and free memory)
LogFileCtx * LogFileNewCtx(void)
LogFileNewCtx() Get a new LogFileCtx.
int SCConfLogOpenGeneric(SCConfNode *conf, LogFileCtx *log_ctx, const char *default_filename, int rotate)
open a generic output "log file", which may be a regular file or a socket
#define SCFree(p)
Definition util-mem.h:61
#define SCCalloc(nm, sz)
Definition util-mem.h:53
#define unlikely(expr)
const char * PrintInet(int af, const void *src, char *dst, socklen_t size)
Definition util-print.c:231
void PrintRawUriBuf(char *retbuf, uint32_t *offset, uint32_t retbuflen, const uint8_t *buf, size_t buflen)
Definition util-print.c:93
void CreateTimeString(const SCTime_t ts, char *str, size_t size)
Definition util-time.c:272
#define SCTIME_USECS(t)
Definition util-time.h:56