|
|
|
@ -67,6 +67,9 @@
|
|
|
|
|
/**< Minimum log file limit in MB. */
|
|
|
|
|
#define MIN_LIMIT 1 * 1024 * 1024
|
|
|
|
|
|
|
|
|
|
/* Default Sensor ID value */
|
|
|
|
|
static uint32_t sensor_id = 0;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Unified2 file header struct
|
|
|
|
|
*
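Review bot: The new file-scope `sensor_id` is documented only as "Default Sensor ID value", which does not say who writes it or when, and a mutable global read from the per-packet alert writers deserves that. The later hunk in Unified2AlertInitCtx is the only writer visible in this diff (it parses the "sensor-id" config key), and the alert functions read it through `htonl(sensor_id)`, so I would replace the comment with `/* Sensor ID from the "sensor-id" config key, set once in Unified2AlertInitCtx and stored in host order; callers convert with htonl() when writing records. */`. If it can be written after the output threads start, that should be stated too, since nothing here synchronizes the access. Since the rendered page lost the +/- markers, I am inferring which of these lines are new from the hunk counts.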
|
|
|
|
@ -358,7 +361,7 @@ static int Unified2PrintStreamSegmentCallback(Packet *p, void *data, uint8_t *bu
|
|
|
|
|
hdr->type = htonl(UNIFIED2_PACKET_TYPE);
|
|
|
|
|
aun->hdr = hdr;
|
|
|
|
|
|
|
|
|
|
phdr->sensor_id = 0;
|
|
|
|
|
phdr->sensor_id = htonl(sensor_id);
|
|
|
|
|
phdr->linktype = htonl(datalink);
|
|
|
|
|
phdr->event_id = aun->event_id;
|
|
|
|
|
phdr->event_second = phdr->packet_second = htonl(p->ts.tv_sec);
|
|
|
|
@ -547,7 +550,7 @@ int Unified2PacketTypeAlert (Unified2AlertThread *aun, Packet *p, uint32_t event
|
|
|
|
|
hdr->type = htonl(UNIFIED2_PACKET_TYPE);
|
|
|
|
|
aun->hdr = hdr;
|
|
|
|
|
|
|
|
|
|
phdr->sensor_id = 0;
|
|
|
|
|
phdr->sensor_id = htonl(sensor_id);
|
|
|
|
|
phdr->linktype = htonl(datalink);
|
|
|
|
|
phdr->event_id = event_id;
|
|
|
|
|
phdr->event_second = phdr->packet_second = htonl(p->ts.tv_sec);
|
|
|
|
@ -638,7 +641,7 @@ int Unified2IPv6TypeAlert (ThreadVars *t, Packet *p, void *data, PacketQueue *pq
|
|
|
|
|
/* fill the gphdr structure with the data of the packet */
|
|
|
|
|
memset(&gphdr, 0, sizeof(gphdr));
|
|
|
|
|
/* FIXME this need to be copied for each alert */
|
|
|
|
|
gphdr.sensor_id = 0;
|
|
|
|
|
gphdr.sensor_id = htonl(sensor_id);
|
|
|
|
|
gphdr.event_second = htonl(p->ts.tv_sec);
|
|
|
|
|
gphdr.event_microsecond = htonl(p->ts.tv_usec);
|
|
|
|
|
gphdr.src_ip = *(struct in6_addr*)GET_IPV6_SRC_ADDR(p);
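Review bot: The `/* FIXME this need to be copied for each alert */` comment now sits directly above the line the commit rewrites to `gphdr.sensor_id = htonl(sensor_id);`, and it is not clear whether it still describes an open problem or has been overtaken by this change. If the FIXME referred to the sensor id being hard-coded, it should be dropped here; if it refers to re-filling the whole `gphdr` per alert (the `memset` above it suggests that), reword it to say so, e.g. `/* FIXME: gphdr is rebuilt here for every alert; consider caching the packet-derived fields */`. The same sensor-id assignment appears in the other three hunks (Unified2PrintStreamSegmentCallback, Unified2PacketTypeAlert, Unified2IPv4TypeAlert), which carry no such comment. The enclosing function starts and ends outside the hunk.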
|
|
|
|
@ -783,7 +786,7 @@ int Unified2IPv4TypeAlert (ThreadVars *tv, Packet *p, void *data, PacketQueue *p
|
|
|
|
|
|
|
|
|
|
/* fill the gphdr structure with the data of the packet */
|
|
|
|
|
memset(&gphdr, 0, sizeof(gphdr));
|
|
|
|
|
gphdr.sensor_id = 0;
|
|
|
|
|
gphdr.sensor_id = htonl(sensor_id);
|
|
|
|
|
gphdr.event_id = 0;
|
|
|
|
|
gphdr.event_second = htonl(p->ts.tv_sec);
|
|
|
|
|
gphdr.event_microsecond = htonl(p->ts.tv_usec);
|
|
|
|
@ -1012,6 +1015,17 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (conf != NULL) {
|
|
|
|
|
const char *sensor_id_s = NULL;
|
|
|
|
|
sensor_id_s = ConfNodeLookupChildValue(conf, "sensor-id");
|
|
|
|
|
if (sensor_id_s != NULL) {
|
|
|
|
|
if (ByteExtractStringUint32(&sensor_id, 10, 0, sensor_id_s) == -1) {
|
|
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, invalid sensor-id: %s", sensor_id_s);
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = Unified2AlertOpenFileCtx(file_ctx, filename);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
goto error;
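Review bot: The new sensor-id validation calls `exit(EXIT_FAILURE)` on a bad value, while the very next statements in the same function handle an open failure with `goto error` and let the caller see a NULL context; a malformed config key should follow the same path rather than terminate the process from inside an output-module initializer. I would change the failure branch to `goto error;` after the `SCLogError(...)` call, assuming the `error:` label below (outside the hunk) releases `file_ctx` the way the `ret < 0` case relies on. The `== -1` test also assumes ByteExtractStringUint32 signals failure only as -1; if it can return 0 for an empty string, `<= 0` is the safer check, which is worth confirming against its contract. Minor style point: `const char *sensor_id_s = NULL;` followed by an immediate assignment can be one line, `const char *sensor_id_s = ConfNodeLookupChildValue(conf, "sensor-id");`. Unified2AlertInitCtx starts before and ends after this hunk.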
|
|
|
|
|