|  |  |  | @ -53,6 +53,7 @@ | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | #include "output.h" | 
		
	
		
			
				|  |  |  |  | #include "output-json.h" | 
		
	
		
			
				|  |  |  |  | #include "output-json-http.h" | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | #include "log-file.h" | 
		
	
		
			
				|  |  |  |  | #include "util-logopenfile.h" | 
		
	
	
		
			
				
					|  |  |  | @ -74,99 +75,6 @@ typedef struct JsonFileLogThread_ { | 
		
	
		
			
				|  |  |  |  |     MemBuffer *buffer; | 
		
	
		
			
				|  |  |  |  | } JsonFileLogThread; | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | static json_t *LogFileMetaGetUri(const Packet *p, const File *ff) | 
		
	
		
			
				|  |  |  |  | { | 
		
	
		
			
				|  |  |  |  |     HtpState *htp_state = (HtpState *)p->flow->alstate; | 
		
	
		
			
				|  |  |  |  |     json_t *js = NULL; | 
		
	
		
			
				|  |  |  |  |     if (htp_state != NULL) { | 
		
	
		
			
				|  |  |  |  |         htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); | 
		
	
		
			
				|  |  |  |  |         if (tx != NULL) { | 
		
	
		
			
				|  |  |  |  |             HtpTxUserData *tx_ud = htp_tx_get_user_data(tx); | 
		
	
		
			
				|  |  |  |  |             if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) { | 
		
	
		
			
				|  |  |  |  |                 char *s = bstr_util_strdup_to_c(tx_ud->request_uri_normalized); | 
		
	
		
			
				|  |  |  |  |                 if (s != NULL) { | 
		
	
		
			
				|  |  |  |  |                     js = json_string(s); | 
		
	
		
			
				|  |  |  |  |                     SCFree(s); | 
		
	
		
			
				|  |  |  |  |                     if (js != NULL) | 
		
	
		
			
				|  |  |  |  |                         return js; | 
		
	
		
			
				|  |  |  |  |                 } | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |         } | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     return NULL; | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | static json_t *LogFileMetaGetHost(const Packet *p, const File *ff) | 
		
	
		
			
				|  |  |  |  | { | 
		
	
		
			
				|  |  |  |  |     HtpState *htp_state = (HtpState *)p->flow->alstate; | 
		
	
		
			
				|  |  |  |  |     json_t *js = NULL; | 
		
	
		
			
				|  |  |  |  |     if (htp_state != NULL) { | 
		
	
		
			
				|  |  |  |  |         htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); | 
		
	
		
			
				|  |  |  |  |         if (tx != NULL && tx->request_hostname != NULL) { | 
		
	
		
			
				|  |  |  |  |             char *s = bstr_util_strdup_to_c(tx->request_hostname); | 
		
	
		
			
				|  |  |  |  |             if (s != NULL) { | 
		
	
		
			
				|  |  |  |  |                 js = json_string(s); | 
		
	
		
			
				|  |  |  |  |                 SCFree(s); | 
		
	
		
			
				|  |  |  |  |                 if (js != NULL) | 
		
	
		
			
				|  |  |  |  |                     return js; | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |         } | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     return NULL; | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | static json_t *LogFileMetaGetReferer(const Packet *p, const File *ff) | 
		
	
		
			
				|  |  |  |  | { | 
		
	
		
			
				|  |  |  |  |     HtpState *htp_state = (HtpState *)p->flow->alstate; | 
		
	
		
			
				|  |  |  |  |     json_t *js = NULL; | 
		
	
		
			
				|  |  |  |  |     if (htp_state != NULL) { | 
		
	
		
			
				|  |  |  |  |         htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); | 
		
	
		
			
				|  |  |  |  |         if (tx != NULL) { | 
		
	
		
			
				|  |  |  |  |             htp_header_t *h = NULL; | 
		
	
		
			
				|  |  |  |  |             h = (htp_header_t *)htp_table_get_c(tx->request_headers, | 
		
	
		
			
				|  |  |  |  |                                                 "Referer"); | 
		
	
		
			
				|  |  |  |  |             if (h != NULL) { | 
		
	
		
			
				|  |  |  |  |                 char *s = bstr_util_strdup_to_c(h->value); | 
		
	
		
			
				|  |  |  |  |                 if (s != NULL) { | 
		
	
		
			
				|  |  |  |  |                     js = json_string(s); | 
		
	
		
			
				|  |  |  |  |                     SCFree(s); | 
		
	
		
			
				|  |  |  |  |                     if (js != NULL) | 
		
	
		
			
				|  |  |  |  |                         return js; | 
		
	
		
			
				|  |  |  |  |                 } | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |         } | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     return NULL; | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | static json_t *LogFileMetaGetUserAgent(const Packet *p, const File *ff) | 
		
	
		
			
				|  |  |  |  | { | 
		
	
		
			
				|  |  |  |  |     HtpState *htp_state = (HtpState *)p->flow->alstate; | 
		
	
		
			
				|  |  |  |  |     json_t *js = NULL; | 
		
	
		
			
				|  |  |  |  |     if (htp_state != NULL) { | 
		
	
		
			
				|  |  |  |  |         htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid); | 
		
	
		
			
				|  |  |  |  |         if (tx != NULL) { | 
		
	
		
			
				|  |  |  |  |             htp_header_t *h = NULL; | 
		
	
		
			
				|  |  |  |  |             h = (htp_header_t *)htp_table_get_c(tx->request_headers, | 
		
	
		
			
				|  |  |  |  |                                                 "User-Agent"); | 
		
	
		
			
				|  |  |  |  |             if (h != NULL) { | 
		
	
		
			
				|  |  |  |  |                 char *s = bstr_util_strdup_to_c(h->value); | 
		
	
		
			
				|  |  |  |  |                 if (s != NULL) { | 
		
	
		
			
				|  |  |  |  |                     js = json_string(s); | 
		
	
		
			
				|  |  |  |  |                     SCFree(s); | 
		
	
		
			
				|  |  |  |  |                     if (js != NULL) | 
		
	
		
			
				|  |  |  |  |                         return js; | 
		
	
		
			
				|  |  |  |  |                 } | 
		
	
		
			
				|  |  |  |  |             } | 
		
	
		
			
				|  |  |  |  |         } | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     return NULL; | 
		
	
		
			
				|  |  |  |  | } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | /**
 | 
		
	
		
			
				|  |  |  |  |  *  \internal | 
		
	
		
			
				|  |  |  |  |  *  \brief Write meta data on a single line json record | 
		
	
	
		
			
				
					|  |  |  | @ -175,33 +83,24 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F | 
		
	
		
			
				|  |  |  |  | { | 
		
	
		
			
				|  |  |  |  |     MemBuffer *buffer = (MemBuffer *)aft->buffer; | 
		
	
		
			
				|  |  |  |  |     json_t *js = CreateJSONHeader((Packet *)p, 0, "fileinfo"); //TODO const
 | 
		
	
		
			
				|  |  |  |  |     json_t *hjs = NULL; | 
		
	
		
			
				|  |  |  |  |     if (unlikely(js == NULL)) | 
		
	
		
			
				|  |  |  |  |         return; | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     /* reset */ | 
		
	
		
			
				|  |  |  |  |     MemBufferReset(buffer); | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     json_t *hjs = json_object(); | 
		
	
		
			
				|  |  |  |  |     if (unlikely(hjs == NULL)) { | 
		
	
		
			
				|  |  |  |  |         json_decref(js); | 
		
	
		
			
				|  |  |  |  |         return; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     json_object_set_new(hjs, "app_proto", json_string(AppProtoToString(p->flow->alproto))); | 
		
	
		
			
				|  |  |  |  |     switch (p->flow->alproto) { | 
		
	
		
			
				|  |  |  |  |         case ALPROTO_HTTP: | 
		
	
		
			
				|  |  |  |  |             json_object_set_new(hjs, "url", LogFileMetaGetUri(p, ff)); | 
		
	
		
			
				|  |  |  |  |             json_object_set_new(hjs, "hostname", LogFileMetaGetHost(p, ff)); | 
		
	
		
			
				|  |  |  |  |             json_object_set_new(hjs, "http_refer", LogFileMetaGetReferer(p, ff)); | 
		
	
		
			
				|  |  |  |  |             json_object_set_new(hjs, "http_user_agent", LogFileMetaGetUserAgent(p, ff)); | 
		
	
		
			
				|  |  |  |  |             json_object_set_new(js, "http", hjs); | 
		
	
		
			
				|  |  |  |  |             hjs = JsonHttpAddMetadata(p->flow); | 
		
	
		
			
				|  |  |  |  |             if (hjs) | 
		
	
		
			
				|  |  |  |  |                 json_object_set_new(js, "http", hjs); | 
		
	
		
			
				|  |  |  |  |             break; | 
		
	
		
			
				|  |  |  |  |     } | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  | 
 | 
		
	
		
			
				|  |  |  |  |     json_t *fjs = json_object(); | 
		
	
		
			
				|  |  |  |  |     if (unlikely(fjs == NULL)) { | 
		
	
		
			
				|  |  |  |  |         json_decref(hjs); | 
		
	
		
			
				|  |  |  |  |         json_decref(js); | 
		
	
		
			
				|  |  |  |  |         return; | 
		
	
		
			
				|  |  |  |  |     } | 
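Review bot: In the `ALPROTO_HTTP` case of `FileWriteJsonRecord`, `JsonHttpAddMetadata(p->flow)` receives only the flow, whereas the removed `LogFileMetaGet*` helpers looked the transaction up with `ff->txid`, so on a connection that carries several requests the fileinfo record may be paired with the URL, host and user agent of a different transaction than the one that transferred the file. The helper's body is not shown on this page, so this applies only if it does not resolve the file's transaction by other means; in that case extend it to take the transaction id and call it as `hjs = JsonHttpAddMetadata(p->flow, ff->txid);`. Misattributed metadata matters for triage, because analysts pivot from a logged file to the request that delivered it. Separately, the rendering has lost the +/- markers, so it is unclear whether `json_decref(hjs);` in the `fjs == NULL` path is still on the new side; if it is, it drops a reference that `json_object_set_new(js, "http", hjs)` has already transferred to `js`. The function starts above this hunk and continues below it.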
		
	
	
		
			
				
					|  |  |  | 
 |