From 8a09bff0aa1e87a3c8e9e156bd36e31d2e7306ce Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 16 Nov 2023 09:52:12 +0100 Subject: [PATCH] output/tftp: have tftp properties in alerts Ticket: 6501 --- rust/src/tftp/log.rs | 2 ++ src/output-json-tftp.c | 2 -- src/output.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/src/tftp/log.rs b/rust/src/tftp/log.rs index b4837036a1..f6e63531a0 100644 --- a/rust/src/tftp/log.rs +++ b/rust/src/tftp/log.rs @@ -24,6 +24,7 @@ fn tftp_log_request(tx: &mut TFTPTransaction, jb: &mut JsonBuilder) -> Result<(), JsonError> { + jb.open_object("tftp")?; match tx.opcode { 1 => jb.set_string("packet", "read")?, 2 => jb.set_string("packet", "write")?, @@ -31,6 +32,7 @@ fn tftp_log_request(tx: &mut TFTPTransaction, }; jb.set_string("file", tx.filename.as_str())?; jb.set_string("mode", tx.mode.as_str())?; + jb.close()?; Ok(()) } diff --git a/src/output-json-tftp.c b/src/output-json-tftp.c index 4fff67a8b6..a0bc9ee180 100644 --- a/src/output-json-tftp.c +++ b/src/output-json-tftp.c @@ -58,11 +58,9 @@ static int JsonTFTPLogger(ThreadVars *tv, void *thread_data, return TM_ECODE_FAILED; } - jb_open_object(jb, "tftp"); if (unlikely(!rs_tftp_log_json_request(tx, jb))) { goto error; } - jb_close(jb); OutputJsonBuilderBuffer(jb, thread); diff --git a/src/output.c b/src/output.c index d57622ff39..5aa341d2cb 100644 --- a/src/output.c +++ b/src/output.c @@ -1148,7 +1148,7 @@ static EveJsonSimpleAppLayerLogger simple_json_applayer_loggers[ALPROTO_MAX] = { { ALPROTO_NFS, NULL }, // special: uses state { ALPROTO_NTP, NULL }, // no logging { ALPROTO_FTPDATA, EveFTPDataAddMetadata }, - { ALPROTO_TFTP, NULL }, // TODO missing + { ALPROTO_TFTP, (EveJsonSimpleTxLogFunc)rs_tftp_log_json_request }, { ALPROTO_IKE, NULL }, // special: uses state { ALPROTO_KRB5, NULL }, // TODO missing { ALPROTO_QUIC, rs_quic_to_json },