Suricata的日志器负责输出有价值的分析结果。使用上,主要通过OutputLoggerLog()在FlowWorker()中遍历并调用回调函数。注册过程涉及TmModuleLoggerRegister(),包括OutputRegisterRootLoggers()和OutputRegisterLoggers()。OutputRegisterRootLoggers()按类别注册到不同的日志列表,而OutputRegisterLoggers()则用于插入到output_modules列表。RunModeInitializeOutputs()和RunModeInitializeEveOutput()进一步将OutputModule注册到对应分类。然而,eve-flow的注册机制尚不清楚,其在遍历RootLoggers时不被访问,但实际并非如此。
Logger is the output part of Suricata, which outputs various valuable analysis results to the outside of Suricata. Firstly, let’s begin with the usage of it.
1.Usage
OutputLoggerLog() in FlowWorker(): traverse the RootLoggers list and call the callback logFunction.
2.Registration
To be honest, it’s not that straight forward.
A.The first step:
void TmModuleLoggerRegister(void)
{
OutputRegisterRootLoggers();
OutputRegisterLoggers();
}
// Register loggers to RootLoggers according to the classification: packet, tx, filddata and etc. And every classification has its own list to store their OutputModule.
void OutputRegisterRootLoggers(void)
{
OutputPacketLoggerRegister();
OutputTxLoggerRegister();
OutputFiledataLoggerRegister();
OutputFileLoggerRegister();
OutputStreamingLoggerRegister();
}
// The mostly used logg
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
