aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

alert/eve: add snmp metadata for snmp alerts

Browse Source 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3441
pull/5276/head
Jason Ish 5 years ago committed by Victor Julien
parent 4c7f55e636
commit ef0ebc9550
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File

17
src/output-json-alert.c
Unescape Escape View File

@ -219,6 +219,20 @@ static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
return; return;
} }
static void AlertJsonSNMP(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
{
void *snmp_state = (void *)FlowGetAppState(f);
if (snmp_state != NULL) {
void *tx = AppLayerParserGetTx(f->proto, ALPROTO_SNMP, snmp_state,
tx_id);
if (tx != NULL) {
jb_open_object(js, "snmp");
rs_snmp_log_json_response(js, snmp_state, tx);
jb_close(js);
}
}
}
static void AlertJsonSourceTarget(const Packet *p, const PacketAlert *pa, static void AlertJsonSourceTarget(const Packet *p, const PacketAlert *pa,
JsonBuilder *js, JsonAddrInfo *addr) JsonBuilder *js, JsonAddrInfo *addr)
{ {
@ -483,6 +497,9 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
jb_restore_mark(jb, &mark); jb_restore_mark(jb, &mark);
} }
break; break;
case ALPROTO_SNMP:
AlertJsonSNMP(p->flow, tx_id, jb);
break;
default: default:
break; break;
} }

Write Preview
Loading…
Cancel
Save