aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add ICMP type and code support to JSON log

Browse Source
pull/802/head
Tom DeCanio 12 years ago committed by Victor Julien
parent c8beb9bf9d
commit 51b7cf1491
3 changed files with 44 additions and 12 deletions
Show Stats Download Patch File Download Diff File

50
src/alert-json.c
Unescape Escape View File

@ -259,10 +259,44 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative)
/* tuple */
json_object_set_new(js, "srcip", json_string(srcip));
json_object_set_new(js, "sp", json_integer(sp));
switch(p->proto) {
case IPPROTO_ICMP:
break;
case IPPROTO_UDP:
case IPPROTO_TCP:
case IPPROTO_SCTP:
json_object_set_new(js, "sp", json_integer(sp));
break;
}
json_object_set_new(js, "dstip", json_string(dstip));
json_object_set_new(js, "dp", json_integer(dp));
switch(p->proto) {
case IPPROTO_ICMP:
break;
case IPPROTO_UDP:
case IPPROTO_TCP:
case IPPROTO_SCTP:
json_object_set_new(js, "dp", json_integer(dp));
break;
}
json_object_set_new(js, "proto", json_string(proto));
switch (p->proto) {
case IPPROTO_ICMP:
if (p->icmpv4h) {
json_object_set_new(js, "icmp_type",
json_integer(p->icmpv4h->type));
json_object_set_new(js, "icmp_code",
json_integer(p->icmpv4h->code));
}
break;
case IPPROTO_ICMPV6:
if (p->icmpv6h) {
json_object_set_new(js, "icmp_type",
json_integer(p->icmpv6h->type));
json_object_set_new(js, "icmp_code",
json_integer(p->icmpv6h->code));
}
break;
}
return js;
}
@ -318,7 +352,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
json_t *ajs = json_object();
if (ajs == NULL) {
free(js);
json_decref(js);
return TM_ECODE_OK;
}
@ -339,7 +373,7 @@ TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
json_object_del(js, "alert");
}
json_object_clear(js);
free(js);
json_decref(js);
return TM_ECODE_OK;
}
@ -374,7 +408,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
json_t *ajs = json_object();
if (ajs == NULL) {
free(js);
json_decref(js);
return TM_ECODE_OK;
}
@ -395,7 +429,7 @@ TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
json_object_del(js, "alert");
}
json_object_clear(js);
free(js);
json_decref(js);
return TM_ECODE_OK;
}
@ -437,7 +471,7 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue
json_t *ajs = json_object();
if (ajs == NULL) {
free(js);
json_decref(js);
return TM_ECODE_OK;
}
@ -465,7 +499,7 @@ TmEcode AlertJsonDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue
json_object_set_new(js, "alert", ajs);
OutputJSON(js, aft, &aft->file_ctx->alerts);
json_object_clear(js);
free(js);
json_decref(js);
}
return TM_ECODE_OK;

3
src/output-dnslog.c
Unescape Escape View File

@ -95,7 +95,6 @@ static void LogQuery(AlertJsonThread/*LogDnsLogThread*/ *aft, json_t *js, /*char
json_t *djs = json_object();
if (djs == NULL) {
free(js);
return;
}
@ -180,7 +179,6 @@ static void LogAnswers(AlertJsonThread/*LogDnsLogThread*/ *aft, json_t *js, /*ch
json_t *djs = json_array();
if (djs == NULL) {
free(js);
return;
}
@ -270,6 +268,7 @@ static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQue
AppLayerTransactionUpdateLogId(ALPROTO_DNS_UDP, p->flow);
}
}
json_decref(js);
end:
FLOWLOCK_UNLOCK(p->flow);

3
src/output-httplog.c
Unescape Escape View File

@ -344,7 +344,6 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx /*, ch
OutputHttpCtx *http_ctx = aft->http_ctx->data;
json_t *hjs = json_object();
if (hjs == NULL) {
free(js);
return;
}
@ -602,7 +601,7 @@ static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQu
AppLayerTransactionUpdateLogId(ALPROTO_HTTP, p->flow);
}
json_object_clear(js);
free(js);
json_decref(js);
end:
FLOWLOCK_UNLOCK(p->flow);

Write Preview
Loading…
Cancel
Save