[Oisf-devel] Suricata Application Logging
Victor Julien
victor at inliniac.net
Mon Apr 22 14:22:07 UTC 2013
On 04/21/2013 11:07 AM, עמית קליינמן wrote:
> Advice is needed.
>
> Suppose multiple Suricata detect threads need to write log records to
> one dedicated (log) file.
> The writes can occur simultaneously and should be done in an
> asynchronous non-blocking fashion (see for
> instance http://www.ibm.com/developerworks/linux/library/l-async/).
> Can any of the existing logging code/facilities of Suricata be utilized
> for that purpose?
> How would you recommend accomplishing this?
Writes are protected by a mutex, check for example
https://github.com/inliniac/suricata/blob/master/src/alert-fastlog.c#L206
Not sure how much effort it would be to switch to an async model.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
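
The pattern described in the reply above (one mutex serializing writes from several threads to a single log file), as an added example that is not part of the original message and is not Suricata's code. The `LogCtx` and `Worker` structs, `log_record`, and the record layout are hypothetical, and the records are constructed sample data.

```c
#include <pthread.h>
#include <stdio.h>
enum { NTHREADS = 4, NRECORDS = 1000 };

/* Hypothetical log context: one shared stream plus the mutex guarding it. */
typedef struct { FILE *fp; pthread_mutex_t lock; } LogCtx;
typedef struct { LogCtx *log; int id; pthread_t th; } Worker;

/* stdio locks each call separately, so a record built from several calls
 * can interleave with other threads; the mutex makes the record atomic. */
static void log_record(LogCtx *log, int tid, int seq)
{
    pthread_mutex_lock(&log->lock);
    fprintf(log->fp, "tid=%d ", tid);
    fprintf(log->fp, "seq=%d\n", seq);
    pthread_mutex_unlock(&log->lock);
}

static void *worker(void *arg)
{
    Worker *w = arg;
    for (int i = 0; i < NRECORDS; i++) log_record(w->log, w->id, i);
    return NULL;
}

/* Runs the writers, then re-reads the file. Returns the number of intact,
 * in-order records, or -1 on a torn line or a setup failure. */
static int run_writers(void)
{
    LogCtx log = { tmpfile(), PTHREAD_MUTEX_INITIALIZER };
    Worker w[NTHREADS];
    int next[NTHREADS] = {0}, tid, seq, count = 0, started = 0;
    char line[64], nl;
    if (log.fp == NULL) return -1;
    for (; started < NTHREADS; started++) {
        w[started] = (Worker){ .log = &log, .id = started };
        if (pthread_create(&w[started].th, NULL, worker, &w[started])) break;
    }
    for (int i = 0; i < started; i++) pthread_join(w[i].th, NULL);
    rewind(log.fp);
    while (started == NTHREADS && count >= 0 && fgets(line, sizeof line, log.fp)) {
        int ok = sscanf(line, "tid=%d seq=%d%c", &tid, &seq, &nl) == 3 && nl == '\n'
                 && tid >= 0 && tid < NTHREADS && seq == next[tid];
        count = ok ? (next[tid]++, count + 1) : -1;
    }
    fclose(log.fp);
    return started == NTHREADS ? count : -1;
}

int main(void) { printf("intact records: %d\n", run_writers()); return 0; }
```

Every writer blocks on the lock while another thread is inside `log_record`, which is the cost an asynchronous design would be trying to remove.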