1 /* Copyright (C) 2007-2010 Open Information Security Foundation 2 * 3 * You can copy, redistribute or modify this Program under the terms of 4 * the GNU General Public License version 2 as published by the Free 5 * Software Foundation. 6 * 7 * This program is distributed in the hope that it will be useful, 8 * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 * GNU General Public License for more details. 11 * 12 * You should have received a copy of the GNU General Public License 13 * version 2 along with this program; if not, write to the Free Software 14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 15 * 02110-1301, USA. 16 */ 17 18 /** 19 * \file 20 * 21 * \author Anoop Saldanha <anoopsaldanha@gmail.com> 22 */ 23 24 #ifndef __UTIL_DEBUG_H__ 25 #define __UTIL_DEBUG_H__ 26 27 #include "suricata-common.h" 28 29 #include "threads.h" 30 #include "util-enum.h" 31 #include "util-error.h" 32 #include "util-debug-filters.h" 33 #include "util-atomic.h" 34 35 /** 36 * \brief ENV vars that can be used to set the properties for the logging module 37 */ 38 #define SC_LOG_ENV_LOG_LEVEL "SC_LOG_LEVEL" 39 #define SC_LOG_ENV_LOG_OP_IFACE "SC_LOG_OP_IFACE" 40 #define SC_LOG_ENV_LOG_FILE "SC_LOG_FILE" 41 #define SC_LOG_ENV_LOG_FACILITY "SC_LOG_FACILITY" 42 #define SC_LOG_ENV_LOG_FORMAT "SC_LOG_FORMAT" 43 #define SC_LOG_ENV_LOG_OP_FILTER "SC_LOG_OP_FILTER" 44 45 /** 46 * \brief The various log levels 47 * NOTE: when adding new level, don't forget to update SCLogMapLogLevelToSyslogLevel() 48 * or it may result in logging to syslog with LOG_EMERG priority. 49 */ 50 typedef enum { 51 SC_LOG_NOTSET = -1, 52 SC_LOG_NONE = 0, 53 SC_LOG_EMERGENCY, 54 SC_LOG_ALERT, 55 SC_LOG_CRITICAL, 56 SC_LOG_ERROR, 57 SC_LOG_WARNING, 58 SC_LOG_NOTICE, 59 SC_LOG_INFO, 60 SC_LOG_PERF, 61 SC_LOG_CONFIG, 62 SC_LOG_DEBUG, 63 SC_LOG_LEVEL_MAX, 64 } SCLogLevel; 65 66 /** 67 * \brief The various output interfaces supported 68 */ 69 typedef enum { 70 SC_LOG_OP_IFACE_CONSOLE, 71 SC_LOG_OP_IFACE_FILE, 72 SC_LOG_OP_IFACE_SYSLOG, 73 SC_LOG_OP_IFACE_MAX, 74 } SCLogOPIface; 75 76 typedef enum { 77 SC_LOG_OP_TYPE_REGULAR = 0, 78 SC_LOG_OP_TYPE_JSON, 79 } SCLogOPType; 80 81 /* The default log_format, if it is not supplied by the user */ 82 #define SC_LOG_DEF_LOG_FORMAT_REL "%t - <%d> - " 83 #define SC_LOG_DEF_LOG_FORMAT_DEV "[%i] %t - (%f:%l) <%d> (%n) -- " 84 85 /* The maximum length of the log message */ 86 #define SC_LOG_MAX_LOG_MSG_LEN 2048 87 88 /* The maximum length of the log format */ 89 #define SC_LOG_MAX_LOG_FORMAT_LEN 128 90 91 /* The default log level, if it is not supplied by the user */ 92 #define SC_LOG_DEF_LOG_LEVEL SC_LOG_INFO 93 94 /* The default output interface to be used */ 95 #define SC_LOG_DEF_LOG_OP_IFACE SC_LOG_OP_IFACE_CONSOLE 96 97 /* The default log file to be used */ 98 #define SC_LOG_DEF_LOG_FILE "suricata.log" 99 100 /* The default syslog facility to be used */ 101 #define SC_LOG_DEF_SYSLOG_FACILITY_STR "local0" 102 #define SC_LOG_DEF_SYSLOG_FACILITY LOG_LOCAL0 103 104 /** 105 * \brief Structure to be used when log_level override support would be provided 106 * by the logging module 107 */ 108 typedef struct SCLogOPBuffer_ { 109 char msg[SC_LOG_MAX_LOG_MSG_LEN]; 110 char *temp; 111 const char *log_format; 112 } SCLogOPBuffer; 113 114 /** 115 * \brief The output interface context for the logging module 116 */ 117 typedef struct SCLogOPIfaceCtx_ { 118 SCLogOPIface iface; 119 120 int16_t use_color; 121 int16_t type; 122 123 /* the output file to be used if the interface is SC_LOG_IFACE_FILE */ 124 const char *file; 125 /* the output file descriptor for the above file */ 126 FILE * file_d; 127 128 /* registered to be set on a file rotation signal */ 129 int rotation_flag; 130 131 /* the facility code if the interface is SC_LOG_IFACE_SYSLOG */ 132 int facility; 133 134 /* override for the global_log_level */ 135 SCLogLevel log_level; 136 137 /* override for the global_log_format(currently not used) */ 138 const char *log_format; 139 140 /* Mutex used for locking around rotate/write to a file. */ 141 SCMutex fp_mutex; 142 143 struct SCLogOPIfaceCtx_ *next; 144 } SCLogOPIfaceCtx; 145 146 /** 147 * \brief Structure containing init data, that would be passed to 148 * SCInitDebugModule() 149 */ 150 typedef struct SCLogInitData_ { 151 /* startup message */ 152 const char *startup_message; 153 154 /* the log level */ 155 SCLogLevel global_log_level; 156 157 /* the log format */ 158 const char *global_log_format; 159 160 /* output filter */ 161 const char *op_filter; 162 163 /* list of output interfaces to be used */ 164 SCLogOPIfaceCtx *op_ifaces; 165 /* no of op ifaces */ 166 uint8_t op_ifaces_cnt; 167 } SCLogInitData; 168 169 /** 170 * \brief Holds the config state used by the logging api 171 */ 172 typedef struct SCLogConfig_ { 173 char *startup_message; 174 SCLogLevel log_level; 175 char *log_format; 176 177 char *op_filter; 178 /* compiled pcre filter expression */ 179 pcre *op_filter_regex; 180 pcre_extra *op_filter_regex_study; 181 182 /* op ifaces used */ 183 SCLogOPIfaceCtx *op_ifaces; 184 /* no of op ifaces */ 185 uint8_t op_ifaces_cnt; 186 } SCLogConfig; 187 188 /* The different log format specifiers supported by the API */ 189 #define SC_LOG_FMT_TIME 't' /* Timestamp in standard format */ 190 #define SC_LOG_FMT_PID 'p' /* PID */ 191 #define SC_LOG_FMT_TID 'i' /* Thread ID */ 192 #define SC_LOG_FMT_TM 'm' /* Thread module name */ 193 #define SC_LOG_FMT_LOG_LEVEL 'd' /* Log level */ 194 #define SC_LOG_FMT_FILE_NAME 'f' /* File name */ 195 #define SC_LOG_FMT_LINE 'l' /* Line number */ 196 #define SC_LOG_FMT_FUNCTION 'n' /* Function */ 197 198 /* The log format prefix for the format specifiers */ 199 #define SC_LOG_FMT_PREFIX '%' 200 201 extern SCLogLevel sc_log_global_log_level; 202 203 extern int sc_log_module_initialized; 204 205 extern int sc_log_module_cleaned; 206 207 void SCLog(int x, const char *file, const char *func, const int line, 208 const char *fmt, ...) ATTR_FMT_PRINTF(5,6); 209 void SCLogErr(int x, const char *file, const char *func, const int line, 210 const int err, const char *fmt, ...) ATTR_FMT_PRINTF(6,7); 211 212 /** 213 * \brief Macro used to log INFORMATIONAL messages. 214 * 215 * \retval ... Takes as argument(s), a printf style format message 216 */ 217 #define SCLogInfo(...) SCLog(SC_LOG_INFO, \ 218 __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) 219 #define SCLogInfoRaw(file, func, line, ...) SCLog(SC_LOG_INFO, \ 220 (file), (func), (line), __VA_ARGS__) 221 222 #define SCLogConfig(...) SCLog(SC_LOG_CONFIG, \ 223 __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) 224 #define SCLogPerf(...) SCLog(SC_LOG_PERF, \ 225 __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) 226 227 /** 228 * \brief Macro used to log NOTICE messages. 229 * 230 * \retval ... Takes as argument(s), a printf style format message 231 */ 232 #define SCLogNotice(...) SCLog(SC_LOG_NOTICE, \ 233 __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) 234 #define SCLogNoticeRaw(file, func, line, ... ) SCLog(SC_LOG_NOTICE, \ 235 (file), (func), (line), __VA_ARGS__) 236 237 /** 238 * \brief Macro used to log WARNING messages. 239 * 240 * \retval err_code Error code that has to be logged along with the 241 * warning message 242 * \retval ... Takes as argument(s), a printf style format message 243 */ 244 #define SCLogWarning(err_code, ...) SCLogErr(SC_LOG_WARNING, \ 245 __FILE__, __FUNCTION__, __LINE__, \ 246 err_code, __VA_ARGS__) 247 #define SCLogWarningRaw(err_code, file, func, line, ...) \ 248 SCLogErr(SC_LOG_WARNING, (file), (func), (line), err_code, __VA_ARGS__) 249 250 /** 251 * \brief Macro used to log ERROR messages. 252 * 253 * \retval err_code Error code that has to be logged along with the 254 * error message 255 * \retval ... Takes as argument(s), a printf style format message 256 */ 257 #define SCLogError(err_code, ...) SCLogErr(SC_LOG_ERROR, \ 258 __FILE__, __FUNCTION__, __LINE__, \ 259 err_code, __VA_ARGS__) 260 #define SCLogErrorRaw(err_code, file, func, line, ...) SCLogErr(SC_LOG_ERROR, \ 261 (file), (func), (line), err_code, __VA_ARGS__) 262 263 /** 264 * \brief Macro used to log CRITICAL messages. 265 * 266 * \retval err_code Error code that has to be logged along with the 267 * critical message 268 * \retval ... Takes as argument(s), a printf style format message 269 */ 270 #define SCLogCritical(err_code, ...) SCLogErr(SC_LOG_CRITICAL, \ 271 __FILE__, __FUNCTION__, __LINE__, \ 272 err_code, __VA_ARGS__) 273 /** 274 * \brief Macro used to log ALERT messages. 275 * 276 * \retval err_code Error code that has to be logged along with the 277 * alert message 278 * \retval ... Takes as argument(s), a printf style format message 279 */ 280 #define SCLogAlert(err_code, ...) SCLogErr(SC_LOG_ALERT, \ 281 __FILE__, __FUNCTION__, __LINE__, \ 282 err_code, __VA_ARGS__) 283 /** 284 * \brief Macro used to log EMERGENCY messages. 285 * 286 * \retval err_code Error code that has to be logged along with the 287 * emergency message 288 * \retval ... Takes as argument(s), a printf style format message 289 */ 290 #define SCLogEmerg(err_code, ...) SCLogErr(SC_LOG_EMERGENCY, \ 291 __FILE__, __FUNCTION__, __LINE__, \ 292 err_code, __VA_ARGS__) 293 294 295 /* Avoid the overhead of using the debugging subsystem, in production mode */ 296 #ifndef DEBUG 297 298 #define SCLogDebug(...) do { } while (0) 299 300 #define SCEnter(...) 301 302 #define SCReturn return 303 304 #define SCReturnInt(x) return x 305 306 #define SCReturnUInt(x) return x 307 308 #define SCReturnDbl(x) return x 309 310 #define SCReturnChar(x) return x 311 312 #define SCReturnCharPtr(x) return x 313 314 #define SCReturnCT(x, type) return x 315 316 #define SCReturnPtr(x, type) return x 317 318 #define SCReturnBool(x) return x 319 320 #define SCReturnStruct(x) return x 321 322 /* Please use it only for debugging purposes */ 323 #else 324 325 326 /** 327 * \brief Macro used to log DEBUG messages. Comes under the debugging subsystem, 328 * and hence will be enabled only in the presence of the DEBUG macro. 329 * 330 * \retval ... Takes as argument(s), a printf style format message 331 */ 332 #define SCLogDebug(...) SCLog(SC_LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, __VA_ARGS__) 333 334 /** 335 * \brief Macro used to log debug messages on function entry. Comes under the 336 * debugging subsystem, and hence will be enabled only in the presence 337 * of the DEBUG macro. Apart from logging function_entry logs, it also 338 * processes the FD filters, if any FD filters are registered. 339 * 340 * \retval f An argument can be supplied, although it is not used 341 */ 342 #define SCEnter(f) do { \ 343 if (sc_log_global_log_level >= SC_LOG_DEBUG &&\ 344 SCLogCheckFDFilterEntry(__FUNCTION__)) \ 345 { \ 346 SCLogDebug("Entering ... >>"); \ 347 } \ 348 } while(0) 349 350 351 /** 352 * \brief Macro used to log debug messages on function exit. Comes under the 353 * debugging sybsystem, and hence will be enabled only in the presence 354 * of the DEBUG macro. Apart from logging function_exit logs, it also 355 * processes the FD filters, if any FD filters are registered. This 356 * function_exit macro should be used for functions that don't return 357 * a value. 358 */ 359 #define SCReturn do { \ 360 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 361 SCLogDebug("Returning ... <<" ); \ 362 SCLogCheckFDFilterExit(__FUNCTION__); \ 363 } \ 364 return; \ 365 } while(0) 366 367 /** 368 * \brief Macro used to log debug messages on function exit. Comes under the 369 * debugging sybsystem, and hence will be enabled only in the presence 370 * of the DEBUG macro. Apart from logging function_exit logs, it also 371 * processes the FD filters, if any FD filters are registered. This 372 * function_exit macro should be used for functions that returns an 373 * integer value. 374 * 375 * \retval x Variable of type 'integer' that has to be returned 376 */ 377 #define SCReturnInt(x) do { \ 378 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 379 SCLogDebug("Returning: %"PRIdMAX" ... <<", (intmax_t)x); \ 380 SCLogCheckFDFilterExit(__FUNCTION__); \ 381 } \ 382 return x; \ 383 } while(0) 384 385 /** 386 * \brief Macro used to log debug messages on function exit. Comes under the 387 * debugging sybsystem, and hence will be enabled only in the presence 388 * of the DEBUG macro. Apart from logging function_exit logs, it also 389 * processes the FD filters, if any FD filters are registered. This 390 * function_exit macro should be used for functions that returns an 391 * unsigned integer value. 392 * 393 * \retval x Variable of type 'unsigned integer' that has to be returned 394 */ 395 #define SCReturnUInt(x) do { \ 396 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 397 SCLogDebug("Returning: %"PRIuMAX" ... <<", (uintmax_t)x); \ 398 SCLogCheckFDFilterExit(__FUNCTION__); \ 399 } \ 400 return x; \ 401 } while(0) 402 403 /** 404 * \brief Macro used to log debug messages on function exit. Comes under the 405 * debugging sybsystem, and hence will be enabled only in the presence 406 * of the DEBUG macro. Apart from logging function_exit logs, it also 407 * processes the FD filters, if any FD filters are registered. This 408 * function_exit macro should be used for functions that returns a 409 * float/double value. 410 * 411 * \retval x Variable of type 'float/double' that has to be returned 412 */ 413 #define SCReturnDbl(x) do { \ 414 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 415 SCLogDebug("Returning: %f ... <<", x); \ 416 SCLogCheckFDFilterExit(__FUNCTION__); \ 417 } \ 418 return x; \ 419 } while(0) 420 421 /** 422 * \brief Macro used to log debug messages on function exit. Comes under the 423 * debugging sybsystem, and hence will be enabled only in the presence 424 * of the DEBUG macro. Apart from logging function_exit logs, it also 425 * processes the FD filters, if any FD filters are registered. This 426 * function_exit macro should be used for functions that returns a var 427 * of character type. 428 * 429 * \retval x Variable of type 'char' that has to be returned 430 */ 431 #define SCReturnChar(x) do { \ 432 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 433 SCLogDebug("Returning: %c ... <<", x); \ 434 SCLogCheckFDFilterExit(__FUNCTION__); \ 435 } \ 436 return x; \ 437 } while(0) 438 439 /** 440 * \brief Macro used to log debug messages on function exit. Comes under the 441 * debugging sybsystem, and hence will be enabled only in the presence 442 * of the DEBUG macro. Apart from logging function_exit logs, it also 443 * processes the FD filters, if any FD filters are registered. This 444 * function_exit macro should be used for functions that returns a 445 * character string. 446 * 447 * \retval x Pointer to the char string that has to be returned 448 */ 449 #define SCReturnCharPtr(x) do { \ 450 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 451 if ((x) != NULL) { \ 452 SCLogDebug("Returning: %s ... <<", x); \ 453 } else { \ 454 SCLogDebug("Returning: NULL ... <<"); \ 455 } SCLogCheckFDFilterExit(__FUNCTION__); \ 456 } \ 457 return x; \ 458 } while(0) 459 460 461 /** 462 * \brief Macro used to log debug messages on function exit. Comes under the 463 * debugging sybsystem, and hence will be enabled only in the presence 464 * of the DEBUG macro. Apart from logging function_exit logs, it also 465 * processes the FD filters, if any FD filters are registered. This 466 * function_exit macro should be used for functions that returns a var 467 * of custom type 468 * 469 * \retval x Variable instance of a custom type that has to be returned 470 * \retval type Pointer to a character string holding the name of the custom 471 * type(the argument x) that has to be returned 472 */ 473 #define SCReturnCT(x, type) do { \ 474 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 475 SCLogDebug("Returning var of " \ 476 "type %s ... <<", type); \ 477 SCLogCheckFDFilterExit(__FUNCTION__); \ 478 } \ 479 return x; \ 480 } while(0) 481 482 /** 483 * \brief Macro used to log debug messages on function exit. Comes under the 484 * debugging sybsystem, and hence will be enabled only in the presence 485 * of the DEBUG macro. Apart from logging function_exit logs, it also 486 * processes the FD filters, if any FD filters are registered. This 487 * function_exit macro should be used for functions that returns a 488 * pointer to a custom type 489 * 490 * \retval x Pointer to a variable instance of a custom type that has to be 491 * returned 492 * \retval type Pointer to a character string holding the name of the custom 493 * type(the argument x) that has to be returned 494 */ 495 #define SCReturnPtr(x, type) do { \ 496 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 497 SCLogDebug("Returning pointer %p of " \ 498 "type %s ... <<", x, type); \ 499 SCLogCheckFDFilterExit(__FUNCTION__); \ 500 } \ 501 return x; \ 502 } while(0) 503 504 /** 505 * \brief Macro used to log debug messages on function exit. Comes under the 506 * debugging sybsystem, and hence will be enabled only in the presence 507 * of the DEBUG macro. Apart from logging function_exit logs, it also 508 * processes the FD filters, if any FD filters are registered. This 509 * function_exit macro should be used for functions that returns a 510 * boolean value. 511 * 512 * \retval x Variable of type 'bool' that has to be returned 513 */ 514 #define SCReturnBool(x) do { \ 515 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 516 SCLogDebug("Returning: %s ... <<", x ? "true" : "false"); \ 517 SCLogCheckFDFilterExit(__FUNCTION__); \ 518 } \ 519 return x; \ 520 } while(0) 521 522 #define SCReturnStruct(x) do { \ 523 if (sc_log_global_log_level >= SC_LOG_DEBUG) { \ 524 SCLogDebug("Returning: ... <<"); \ 525 SCLogCheckFDFilterExit(__FUNCTION__); \ 526 } \ 527 return x; \ 528 } while(0) 529 530 #endif /* DEBUG */ 531 532 #define FatalError(x, ...) do { \ 533 SCLogError(x, __VA_ARGS__); \ 534 exit(EXIT_FAILURE); \ 535 } while(0) 536 537 /** \brief Fatal error IF we're starting up, and configured to consider 538 * errors to be fatal errors */ 539 #if !defined(__clang_analyzer__) 540 #define FatalErrorOnInit(x, ...) do { \ 541 SC_ATOMIC_EXTERN(unsigned int, engine_stage); \ 542 int init_errors_fatal = 0; \ 543 ConfGetBool("engine.init-failure-fatal", &init_errors_fatal); \ 544 if (init_errors_fatal && (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT))\ 545 { \ 546 SCLogError(x, __VA_ARGS__); \ 547 exit(EXIT_FAILURE); \ 548 } \ 549 SCLogWarning(x, __VA_ARGS__); \ 550 } while(0) 551 /* make it simpler for scan-build */ 552 #else 553 #define FatalErrorOnInit(x, ...) FatalError(x, __VA_ARGS__) 554 #endif 555 556 SCLogInitData *SCLogAllocLogInitData(void); 557 558 SCLogOPIfaceCtx *SCLogInitOPIfaceCtx(const char *, const char *, int, 559 const char *); 560 561 void SCLogAppendOPIfaceCtx(SCLogOPIfaceCtx *, SCLogInitData *); 562 563 void SCLogInitLogModule(SCLogInitData *); 564 565 void SCLogDeInitLogModule(void); 566 567 SCError SCLogMessage(const SCLogLevel, const char *, const unsigned int, 568 const char *, const SCError, const char *message); 569 570 SCLogOPBuffer *SCLogAllocLogOPBuffer(void); 571 572 int SCLogDebugEnabled(void); 573 574 void SCLogRegisterTests(void); 575 576 void SCLogLoadConfig(int daemon, int verbose); 577 578 SCLogLevel SCLogGetLogLevel(void); 579 580 #endif /* __UTIL_DEBUG_H__ */ 581