output/ftp: have ftp properties in alerts

Ticket: 6500
1 year ago · 3b1b163ee6
parent 0b6b015e26
commit 3b1b163ee6
3 changed files with 8 additions and 6 deletions
--- a/src/output-json-ftp.c
+++ b/src/output-json-ftp.c
@ -46,15 +46,16 @@
 #include "app-layer-ftp.h"
 #include "output-json-ftp.h"

-static void EveFTPLogCommand(FTPTransaction *tx, JsonBuilder *jb)
+bool EveFTPLogCommand(void *vtx, JsonBuilder *jb)
 {
+    FTPTransaction *tx = vtx;
    /* Preallocate array objects to simplify failure case */
    JsonBuilder *js_resplist = NULL;
    if (!TAILQ_EMPTY(&tx->response_list)) {
        js_resplist = jb_new_array();

        if (unlikely(js_resplist == NULL)) {
-            return;
+            return false;
        }
    }
    jb_open_object(jb, "ftp");
@ -151,6 +152,7 @@ static void EveFTPLogCommand(FTPTransaction *tx, JsonBuilder *jb)
        JB_SET_FALSE(jb, "reply_truncated");
    }
    jb_close(jb);
+    return true;
 }


@ -166,7 +168,6 @@ static int JsonFTPLogger(ThreadVars *tv, void *thread_data,
    } else {
        event_type = "ftp";
    }
-    FTPTransaction *tx = vtx;

    JsonBuilder *jb =
            CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, event_type, NULL, tx_id, thread->ctx);
@ -176,7 +177,7 @@ static int JsonFTPLogger(ThreadVars *tv, void *thread_data,
                goto fail;
            }
        } else {
-            EveFTPLogCommand(tx, jb);
+            EveFTPLogCommand(vtx, jb);
        }

        OutputJsonBuilderBuffer(jb, thread);
--- a/src/output-json-ftp.h
+++ b/src/output-json-ftp.h
@ -25,5 +25,6 @@
 #define __OUTPUT_JSON_FTP_H__

 void JsonFTPLogRegister(void);
+bool EveFTPLogCommand(void *vtx, JsonBuilder *js);

 #endif /* __OUTPUT_JSON_FTP_H__ */
--- a/src/output.c
+++ b/src/output.c
@ -1132,8 +1132,8 @@ void OutputRegisterLoggers(void)
 static EveJsonSimpleAppLayerLogger simple_json_applayer_loggers[ALPROTO_MAX] = {
    { ALPROTO_UNKNOWN, NULL },
    { ALPROTO_HTTP1, NULL }, // special: uses some options flags
-    { ALPROTO_FTP, NULL },   // TODO missing
-    { ALPROTO_SMTP, NULL },  // special: uses state
+    { ALPROTO_FTP, EveFTPLogCommand },
+    { ALPROTO_SMTP, NULL }, // special: uses state
    { ALPROTO_TLS, JsonTlsLogJSONExtended },
    { ALPROTO_SSH, rs_ssh_log_json },
    { ALPROTO_IMAP, NULL },   // protocol detection only