Remaining JSON output pull request comment edits

pull/802/head
Tom DeCanio 12 years ago committed by Victor Julien
parent a3d86594dc
commit 6fd1b31c57

@ -203,8 +203,8 @@ static void LogAnswers(AlertJsonThread *aft, json_t *js, DNSTransaction *tx) {
json_object_del(js, "dns"); json_object_del(js, "dns");
} }
static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data,
PacketQueue *postpq, int ipproto) int ipproto)
{ {
SCEnter(); SCEnter();
@ -270,7 +270,7 @@ end:
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
@ -283,7 +283,7 @@ TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
DnsJsonIPWrapper(tv, p, data, pq, postpq, AF_INET); DnsJsonIPWrapper(tv, p, data, AF_INET);
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
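Review bot: The call in OutputDnsLog passes `AF_INET` unconditionally for a parameter that DnsJsonIPWrapper names `ipproto`, so an address-family constant travels under an IP-protocol name and is the same for IPv4 and IPv6 packets. The wrapper's body lies outside these hunks, so whether the value is read at all is not visible. If it is unused, this signature cleanup is the place to drop it (`DnsJsonIPWrapper(tv, p, data);`); if it is used, it should be derived from the packet rather than fixed. A DNS record logged with the wrong family, or skipped for IPv6, would be a quiet gap in the event log, so a one-line comment on the parameter stating what it means would help either way.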

@ -24,7 +24,7 @@
#ifndef __OUTPUT_DNSLOG_H__ #ifndef __OUTPUT_DNSLOG_H__
#define __OUTPUT_DNSLOG_H__ #define __OUTPUT_DNSLOG_H__
TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq); TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data);
OutputCtx *DnsJsonInitCtx(ConfNode *); OutputCtx *DnsJsonInitCtx(ConfNode *);
#endif /* __OUTPUT_DNSLOG_H__ */ #endif /* __OUTPUT_DNSLOG_H__ */

@ -64,14 +64,10 @@
* *
* \param tv Pointer the current thread variables * \param tv Pointer the current thread variables
* \param p Pointer the packet which is being logged * \param p Pointer the packet which is being logged
* \param data Pointer to the droplog struct
* \param pq Pointer the packet queue
* \param postpq Pointer the packet queue where this packet will be sent
* *
* \return return TM_EODE_OK on success * \return return TM_EODE_OK on success
*/ */
TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p, PacketQueue *pq, TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p)
PacketQueue *postpq)
{ {
uint16_t proto = 0; uint16_t proto = 0;
MemBuffer *buffer = (MemBuffer *)aft->buffer; MemBuffer *buffer = (MemBuffer *)aft->buffer;
@ -143,13 +139,10 @@ TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p, PacketQueue *pq,
* \param tv Pointer the current thread variables * \param tv Pointer the current thread variables
* \param p Pointer the packet which is being logged * \param p Pointer the packet which is being logged
* \param data Pointer to the droplog struct * \param data Pointer to the droplog struct
* \param pq Pointer the packet queue
* \param postpq Pointer the packet queue where this packet will be sent
* *
* \return return TM_EODE_OK on success * \return return TM_EODE_OK on success
*/ */
TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data)
PacketQueue *postpq)
{ {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
@ -163,14 +156,14 @@ TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
if ((p->flow != NULL) && (p->flow->flags & FLOW_ACTION_DROP)) { if ((p->flow != NULL) && (p->flow->flags & FLOW_ACTION_DROP)) {
if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) { if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED; p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
return OutputDropLogJSON(aft, p, pq, NULL); return OutputDropLogJSON(aft, p);
} else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) { } else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED; p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
return OutputDropLogJSON(aft, p, pq, NULL); return OutputDropLogJSON(aft, p);
} }
} else { } else {
return OutputDropLogJSON(aft, p, pq, postpq); return OutputDropLogJSON(aft, p);
} }
return TM_ECODE_OK; return TM_ECODE_OK;
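Review bot: The doc comment above OutputDropLogJSON no longer matches its signature: the commit removed the `\param data`, `\param pq` and `\param postpq` lines but kept `\param tv`, while the function now takes `(AlertJsonThread *aft, Packet *p)` and `aft` is undocumented. I would replace the stale line with `* \param aft Pointer to the AlertJsonThread state (formerly passed as data)` and, while there, correct `TM_EODE_OK` to `TM_ECODE_OK` in both `\return` lines. Separately, the three branches in OutputDropLog now make the identical call `OutputDropLogJSON(aft, p)`, so only the flow-flag updates still differ between them. That function starts and ends outside the hunk, so this last remark is about readability only.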

@ -26,7 +26,7 @@
#ifndef OUTPUT_DROPLOG_H #ifndef OUTPUT_DROPLOG_H
#define OUTPUT_DROPLOG_H #define OUTPUT_DROPLOG_H
TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq); TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data);
OutputCtx *OutputDropLogInit(ConfNode *); OutputCtx *OutputDropLogInit(ConfNode *);
#endif /* OUTPUT_DROPLOG_H */ #endif /* OUTPUT_DROPLOG_H */

@ -218,8 +218,7 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
json_object_set_new(js, "http", hjs); json_object_set_new(js, "http", hjs);
} }
static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data)
PacketQueue *postpq)
{ {
SCEnter(); SCEnter();
@ -306,10 +305,10 @@ end:
} }
TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
HttpJsonIPWrapper(tv, p, data, pq, postpq); HttpJsonIPWrapper(tv, p, data);
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
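Review bot: After this change OutputHttpLog and HttpJsonIPWrapper take the same three arguments, and OutputHttpLog only forwards to the wrapper, discards its TmEcode and returns TM_ECODE_OK. Either fold the wrapper into OutputHttpLog or add a short comment saying the result is deliberately ignored, e.g. `/* logging is best effort: a failed HTTP record must not stop packet processing */`. The wrapper's body between the two hunks is not visible, so whether it can return anything other than TM_ECODE_OK is an assumption to check.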

@ -24,7 +24,7 @@
#ifndef __OUTPUT_HTTPLOG_H__ #ifndef __OUTPUT_HTTPLOG_H__
#define __OUTPUT_HTTPLOG_H__ #define __OUTPUT_HTTPLOG_H__
TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq); TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data);
OutputCtx *OutputHttpLogInit(ConfNode *); OutputCtx *OutputHttpLogInit(ConfNode *);
#endif /* __OUTPUT_HTTPLOG_H__ */ #endif /* __OUTPUT_HTTPLOG_H__ */

@ -128,8 +128,7 @@ static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL;
#endif /* OS_WIN32 */ #endif /* OS_WIN32 */
TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *); TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
TmEcode AlertJsonIPv4(ThreadVars *, Packet *, void *); TmEcode AlertJson(ThreadVars *, Packet *, void *);
TmEcode AlertJsonIPv6(ThreadVars *, Packet *, void *);
TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **); TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **);
TmEcode OutputJsonThreadDeinit(ThreadVars *, void *); TmEcode OutputJsonThreadDeinit(ThreadVars *, void *);
void OutputJsonExitPrintStats(ThreadVars *, void *); void OutputJsonExitPrintStats(ThreadVars *, void *);
@ -146,12 +145,6 @@ void TmModuleOutputJsonRegister (void) {
tmm_modules[TMM_OUTPUTJSON].cap_flags = 0; tmm_modules[TMM_OUTPUTJSON].cap_flags = 0;
OutputRegisterModule(MODULE_NAME, "eve-log", OutputJsonInitCtx); OutputRegisterModule(MODULE_NAME, "eve-log", OutputJsonInitCtx);
/* enable the logger for the app layer */
AppLayerRegisterLogger(ALPROTO_DNS_UDP);
AppLayerRegisterLogger(ALPROTO_DNS_TCP);
AppLayerRegisterLogger(ALPROTO_HTTP);
AppLayerRegisterLogger(ALPROTO_TLS);
} }
/* Default Sensor ID value */ /* Default Sensor ID value */
@ -338,63 +331,7 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
return TM_ECODE_OK; return TM_ECODE_OK;
} }
TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data) TmEcode AlertJson(ThreadVars *tv, Packet *p, void *data)
{
AlertJsonThread *aft = (AlertJsonThread *)data;
MemBuffer *buffer = (MemBuffer *)aft->buffer;
int i;
char *action = "Pass";
if (p->alerts.cnt == 0)
return TM_ECODE_OK;
MemBufferReset(buffer);
json_t *js = CreateJSONHeader(p, 0);
if (unlikely(js == NULL))
return TM_ECODE_OK;
for (i = 0; i < p->alerts.cnt; i++) {
PacketAlert *pa = &p->alerts.alerts[i];
if (unlikely(pa->s == NULL)) {
continue;
}
if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
action = "Drop";
} else if (pa->action & ACTION_DROP) {
action = "wDrop";
}
json_t *ajs = json_object();
if (ajs == NULL) {
json_decref(js);
return TM_ECODE_OK;
}
json_object_set_new(ajs, "action", json_string(action));
json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
json_object_set_new(ajs, "id", json_integer(pa->s->id));
json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
json_object_set_new(ajs, "msg",
json_string((pa->s->msg) ? pa->s->msg : ""));
json_object_set_new(ajs, "class",
json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
json_object_set_new(ajs, "pri", json_integer(pa->s->prio));
/* alert */
json_object_set_new(js, "alert", ajs);
OutputJSON(js, aft, &aft->file_ctx->alerts);
json_object_del(js, "alert");
}
json_object_clear(js);
json_decref(js);
return TM_ECODE_OK;
}
TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data)
{ {
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
MemBuffer *buffer = (MemBuffer *)aft->buffer; MemBuffer *buffer = (MemBuffer *)aft->buffer;
@ -525,33 +462,31 @@ TmEcode OutputJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pack
{ {
if (output_flags & OUTPUT_ALERTS) { if (output_flags & OUTPUT_ALERTS) {
if (PKT_IS_IPV4(p)) { if (PKT_IS_IPV4(p) || PKT_IS_IPV6(p)) {
AlertJsonIPv4(tv, p, data); AlertJson(tv, p, data);
} else if (PKT_IS_IPV6(p)) {
AlertJsonIPv6(tv, p, data);
} else if (p->events.cnt > 0) { } else if (p->events.cnt > 0) {
AlertJsonDecoderEvent(tv, p, data); AlertJsonDecoderEvent(tv, p, data);
} }
} }
if (output_flags & OUTPUT_DNS) { if (output_flags & OUTPUT_DNS) {
OutputDnsLog(tv, p, data, pq, postpq); OutputDnsLog(tv, p, data);
} }
if (output_flags & OUTPUT_DROP) { if (output_flags & OUTPUT_DROP) {
OutputDropLog(tv, p, data, pq, postpq); OutputDropLog(tv, p, data);
} }
if (output_flags & OUTPUT_FILES) { if (output_flags & OUTPUT_FILES) {
OutputFileLog(tv, p, data, pq, postpq); OutputFileLog(tv, p, data);
} }
if (output_flags & OUTPUT_HTTP) { if (output_flags & OUTPUT_HTTP) {
OutputHttpLog(tv, p, data, pq, postpq); OutputHttpLog(tv, p, data);
} }
if (output_flags & OUTPUT_TLS) { if (output_flags & OUTPUT_TLS) {
OutputTlsLog(tv, p, data, pq, postpq); OutputTlsLog(tv, p, data);
} }
return TM_ECODE_OK; return TM_ECODE_OK;
@ -727,6 +662,8 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
} }
if (strcmp(output->val, "dns") == 0) { if (strcmp(output->val, "dns") == 0) {
SCLogDebug("Enabling DNS output"); SCLogDebug("Enabling DNS output");
AppLayerRegisterLogger(ALPROTO_DNS_UDP);
AppLayerRegisterLogger(ALPROTO_DNS_TCP);
output_flags |= OUTPUT_DNS; output_flags |= OUTPUT_DNS;
continue; continue;
} }
@ -746,6 +683,7 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
SCLogDebug("Enabling HTTP output"); SCLogDebug("Enabling HTTP output");
ConfNode *child = ConfNodeLookupChild(output, "http"); ConfNode *child = ConfNodeLookupChild(output, "http");
json_ctx->http_ctx = OutputHttpLogInit(child); json_ctx->http_ctx = OutputHttpLogInit(child);
AppLayerRegisterLogger(ALPROTO_HTTP);
output_flags |= OUTPUT_HTTP; output_flags |= OUTPUT_HTTP;
continue; continue;
} }
@ -753,6 +691,7 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
SCLogDebug("Enabling TLS output"); SCLogDebug("Enabling TLS output");
ConfNode *child = ConfNodeLookupChild(output, "tls"); ConfNode *child = ConfNodeLookupChild(output, "tls");
json_ctx->tls_ctx = OutputTlsLogInit(child); json_ctx->tls_ctx = OutputTlsLogInit(child);
AppLayerRegisterLogger(ALPROTO_TLS);
output_flags |= OUTPUT_TLS; output_flags |= OUTPUT_TLS;
continue; continue;
} }
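Review bot: AppLayerRegisterLogger is now called from the output loop in OutputJsonInitCtx, so it runs once per eve-log instance that lists dns, http or tls rather than once at module registration. Whether a second registration for the same ALPROTO is harmless is not visible in these hunks, and neither is whether OutputJsonInitCtx always runs before the app layer starts consulting the logger state. Both deserve a check, because a protocol whose logger is not registered in time would produce no records and no error. A comment at the first call would document the intent, e.g. `/* register the app-layer logger only when this output type is enabled */`. OutputJsonInitCtx begins and ends outside the hunks.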

@ -104,7 +104,7 @@ static void LogTlsLogExtendedJSON(json_t *tjs, SSLState * state)
} }
static TmEcode LogTlsLogIPWrapperJSON(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) static TmEcode LogTlsLogIPWrapperJSON(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
AlertJsonThread *aft = (AlertJsonThread *)data; AlertJsonThread *aft = (AlertJsonThread *)data;
@ -171,7 +171,7 @@ end:
} }
TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq) TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data)
{ {
SCEnter(); SCEnter();
@ -184,7 +184,7 @@ TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
LogTlsLogIPWrapperJSON(tv, p, data, pq, postpq); LogTlsLogIPWrapperJSON(tv, p, data);
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }

@ -24,7 +24,7 @@
#ifndef __OUTPUT_TLSLOG_H__ #ifndef __OUTPUT_TLSLOG_H__
#define __OUTPUT_TLSLOG_H__ #define __OUTPUT_TLSLOG_H__
TmEcode OutputTlsLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq); TmEcode OutputTlsLog (ThreadVars *tv, Packet *p, void *data);
OutputCtx *OutputTlsLogInit(ConfNode *); OutputCtx *OutputTlsLogInit(ConfNode *);
#endif /* __OUTPUT_TLSLOG_H__ */ #endif /* __OUTPUT_TLSLOG_H__ */
