在看snort源码的时候,经常看到调用DEBUG_WRAP函数输出的debug信息。研究了一下怎么打开这个debug开关,以下是具体的步骤
1. 在configure 选项中添加--enable-debug-msgs 和--enable-debug ,这个打开了宏DEBUG_MSGS
2.定义环境变量SNORT_DEBUG和SNORT_PP_DEBUG, debug_level = $SNORT_DEBUG | ($SNORT_PP_DEBUG << 32)
为了使环境变量对某个用户生效,可以在~/.bashrc里面添加 ,如 export SNORT_DEBUG=0x00000200
#define DEBUG_CONFIGRULES 0x0000000000000200LL
DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"[*] Processing keyword: %s\n", index););
void DebugMessageFunc(uint64_t level, const char *fmt, ...)
{
va_list ap;
<span style="color:#ff6666;">if (!(level & GetDebugLevel()))</span>
return;
va_start(ap, fmt);
if ((snort_conf != NULL) && (ScDaemonMode() || ScLogSyslog()))
{
char buf[STD_BUF];
int buf_len = sizeof(buf);
char *buf_ptr = buf;
buf[buf_len - 1] = '\0';
/* filename and line number information */
if (DebugMessageFile != NULL)
{
snprintf(buf, buf_len - 1, "%s:%d: ",
DebugMessageFile, DebugMessageLine);
buf_ptr += strlen(buf);
buf_len -= strlen(buf);
}
vsnprintf(buf_ptr, buf_len - 1, fmt, ap);
syslog(LOG_DAEMON | LOG_DEBUG, "%s", buf);
}
else
{
if (DebugMessageFile != NULL)
printf("%s:%d: ", DebugMessageFile, DebugMessageLine);
vprintf(fmt, ap);
}
va_end(ap);
}
uint64_t <span style="color:#ff6666;">GetDebugLevel</span>(void)
{
static int debug_init = 0;
static uint64_t debug_level = 0;
const char* key;
if ( debug_init )
return debug_level;
key = getenv(DEBUG_PP_VAR);
if ( key )
debug_level = strtoul(key, NULL, 0);
debug_level <<= 32;
key = getenv(DEBUG_VARIABLE);
if ( key )
debug_level |= strtoul(key, NULL, 0);
debug_init = 1;
return debug_level;
} 
