From 0c067646a86973ee2426defc9110337a372add00 Mon Sep 17 00:00:00 2001
From: Tom DeCanio
Date: Wed, 13 Nov 2013 11:17:03 -0800
Subject: [PATCH] Add "united" JSON files output

---
 src/output-json.c | 11 ++++++++++-
 suricata.yaml.in  |  8 ++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/output-json.c b/src/output-json.c
index 0444b9366b..ad2c7524eb 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -312,7 +312,14 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
 {
     AlertJsonThread *aft = (AlertJsonThread *)data;
     MemBuffer *buffer = (MemBuffer *)aft->buffer;
-    char *js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
+    char *js_s = json_dumps(js,
+                            JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
+#ifdef JSON_ESCAPE_SLASH
+                            JSON_ESCAPE_SLASH
+#else
+                            0
+#endif
+                            );
     if (unlikely(js_s == NULL))
         return TM_ECODE_OK;
 
@@ -719,6 +726,8 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
         }
         if (strcmp(output->val, "files") == 0) {
             SCLogDebug("Enabling files output");
+            ConfNode *child = ConfNodeLookupChild(output, "files");
+            json_ctx->files_ctx = OutputFileLogInit(child);
             outputFlags |= OUTPUT_FILES;
             continue;
         }
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 8172b90dd3..0349cec415 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -84,7 +84,7 @@ outputs:
 
   # "United" event log in JSON format
   - eve-log:
-      enabled: yes
+      enabled: no
       type: file #file|syslog|unix_dgram|unix_stream
       filename: eve.json
       # the following are valid when type: syslog above
@@ -99,9 +99,9 @@ outputs:
       - dns
       - tls:
           extended: yes # enable this for extended logging information
-      #- files
-      #    force-magic: no # force logging magic on all logged files
-      #    force-md5: no # force logging of md5 checksums
+      - files:
+          force-magic: no # force logging magic on all logged files
+          force-md5: no # force logging of md5 checksums
       #- drop
       #- ssh
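Review bot: The `#ifdef JSON_ESCAPE_SLASH` / `#else 0` block spliced into the middle of the json_dumps() argument list in OutputJSON leaves the reason for the extra flag undocumented and makes the call hard to read. Suggest hoisting the compatibility shim out of the expression — `#ifndef JSON_ESCAPE_SLASH` / `#define JSON_ESCAPE_SLASH 0` / `#endif` next to the jansson include — so the call collapses back to one line, `char *js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|JSON_ESCAPE_SLASH);`. Wherever the flag ends up, add a why-comment such as `/* JSON_ESCAPE_SLASH emits '/' as '\/' for consumers that need it; only newer jansson defines it, so fall back to 0 */`, since the intent is not recoverable from the flag name alone. OutputJSON's body continues past the end of this hunk.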
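Review bot: In the second hunk (AlertJsonInitCtx), neither the `ConfNodeLookupChild()` result nor the `OutputFileLogInit()` return value is checked before `outputFlags |= OUTPUT_FILES` runs, so a config that lists `- files` without a mapping, or an init failure, leaves `json_ctx->files_ctx` NULL while the files output is still switched on. Whether OutputFileLogInit() tolerates a NULL ConfNode and what it returns on failure is outside this hunk, so this is inferred from the two added lines rather than confirmed. Suggest gating the flag on the context, `if (json_ctx->files_ctx != NULL) outputFlags |= OUTPUT_FILES;`, or failing the whole init if a requested output cannot be set up, so that a misconfiguration is visible rather than silently producing an output with no context. AlertJsonInitCtx starts and ends outside the hunk.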
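Review bot: The first suricata.yaml.in hunk flips the shipped default for eve-log from `enabled: yes` to `enabled: no`, which changes behaviour for every user of the template and is not mentioned in the subject line "Add "united" JSON files output". If disabling eve-log by default is intended, say so in the commit message; if it is a local-testing leftover, drop that hunk so the commit stays limited to enabling the `- files:` block in the second hunk.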