Merge branch 'topic/corelight/logging-hooks' of https://github.com/corelight/bro

* 'topic/corelight/logging-hooks' of https://github.com/corelight/bro: Plugin: Add hooks for log init and writing.
2025-10-04 15:48:19 +00:00 · 2017-05-04 11:37:48 -05:00 · 2017-05-04 11:37:48 -05:00 · 874d2b9fb0
commit 874d2b9fb0
parent 7f292dc4ad 684ea8aa37
18 changed files with 763 additions and 40 deletions
--- a/src/plugin/Manager.h
+++ b/src/plugin/Manager.h
@ -291,6 +291,70 @@ public:
 	 */
 	void HookBroObjDtor(void* obj) const;

+	/**
+	 * Hook into log initialization. This method will be called when a
+	 * logging writer is created. A writer represents a single logging
+	 * filter. The method is called in the main thread, on the node that
+	 * causes a log line to be written. It will _not_ be called on the logger
+	 * node. The function will be called once for every instantiated writer.
+	 *
+	 * @param writer The name of the writer being instantiated.
+	 *
+	 * @param instantiating_filter Name of the filter causing the
+	 *        writer instantiation.
+	 *
+	 * @param local True if the filter is logging locally (writer
+	 *              thread will be located in same process).
+	 *
+	 * @param remote True if filter is logging remotely (writer thread
+	 *               will be located in different thread, typically
+	 *               in manager or logger node).
+	 *
+	 * @param info WriterBackend::WriterInfo with information about the writer.
+	 *
+	 * @param num_fields number of fields in the record being written.
+	 *
+	 * @param fields threading::Field description of the fields being logged.
+	 */
+	void HookLogInit(const std::string& writer,
+	                 const std::string& instantiating_filter,
+	                 bool local, bool remote,
+	                 const logging::WriterBackend::WriterInfo& info,
+	                 int num_fields,
+	                 const threading::Field* const* fields) const;
+
+	/**
+	 * Hook into log writing. This method will be called for each log line
+	 * being written by each writer. Each writer represents a single logging
+	 * filter. The method is called in the main thread, on the node that
+	 * causes a log line to be written. It will _not_ be called on the logger
+	 * node.
+	 * This function allows plugins to modify or skip logging of information.
+	 * Note - once a log line is skipped (by returning false), it will not
+	 * passed on to hooks that have not yet been called.
+	 *
+	 * @param writer The name of the writer.
+	 *
+	 * @param filter Name of the filter being written to.
+	 *
+	 * @param info WriterBackend::WriterInfo with information about the writer.
+	 *
+	 * @param num_fields number of fields in the record being written.
+	 *
+	 * @param fields threading::Field description of the fields being logged.
+	 *
+	 * @param vals threading::Values containing the values being written. Values
+	 *             can be modified in the Hook.
+	 *
+	 * @return true if log line should be written, false if log line should be
+	 *         skipped and not passed on to the writer.
+	 */
+	bool HookLogWrite(const std::string& writer,
+	                  const std::string& filter,
+	                  const logging::WriterBackend::WriterInfo& info,
+	                  int num_fields, const threading::Field* const* fields,
+	                  threading::Value** vals) const;
+
 	/**
 	 * Internal method that registers a freshly instantiated plugin with
 	 * the manager.