aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

First cut at "united" file log output in JSON

Browse Source
pull/802/head
Tom DeCanio 11 years ago committed by Victor Julien
parent 88a04742c0
commit 730ee3d721
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File

1
src/Makefile.am
Unescape Escape View File

@ -219,6 +219,7 @@ output-filedata.c output-filedata.h \
output-packet.c output-packet.h \ output-packet.c output-packet.h \
output-tx.c output-tx.h \ output-tx.c output-tx.h \
output-dnslog.c output-dnslog.h \ output-dnslog.c output-dnslog.h \
output-file.c output-file.h \
output-httplog.c output-httplog.h \ output-httplog.c output-httplog.h \
output-json.c output-json.h \ output-json.c output-json.h \
output-tlslog.c output-tlslog.h \ output-tlslog.c output-tlslog.h \

17
src/output-json.c
Unescape Escape View File

@ -51,6 +51,8 @@
#include "output-dnslog.h" #include "output-dnslog.h"
#include "output-httplog.h" #include "output-httplog.h"
#include "output-tlslog.h" #include "output-tlslog.h"
#include "output-file.h"
#include "output-json.h"
#include "util-byte.h" #include "util-byte.h"
#include "util-privs.h" #include "util-privs.h"
@ -60,7 +62,6 @@
#include "util-buffer.h" #include "util-buffer.h"
#include "util-logopenfile.h" #include "util-logopenfile.h"
#include "output-json.h"
#ifndef HAVE_LIBJANSSON #ifndef HAVE_LIBJANSSON
@ -163,8 +164,9 @@ static enum json_output json_out = ALERT_FILE;
#define OUTPUT_ALERTS (1<<0) #define OUTPUT_ALERTS (1<<0)
#define OUTPUT_DNS (1<<1) #define OUTPUT_DNS (1<<1)
#define OUTPUT_HTTP (1<<2) #define OUTPUT_FILES (1<<2)
#define OUTPUT_TLS (1<<3) #define OUTPUT_HTTP (1<<3)
#define OUTPUT_TLS (1<<4)
static uint32_t outputFlags = 0; static uint32_t outputFlags = 0;
@ -527,6 +529,10 @@ TmEcode AlertJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
OutputDnsLog(tv, p, data, pq, postpq); OutputDnsLog(tv, p, data, pq, postpq);
} }
if (outputFlags & OUTPUT_FILES) {
OutputFileLog(tv, p, data, pq, postpq);
}
if (outputFlags & OUTPUT_HTTP) { if (outputFlags & OUTPUT_HTTP) {
OutputHttpLog(tv, p, data, pq, postpq); OutputHttpLog(tv, p, data, pq, postpq);
} }
@ -711,6 +717,11 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
outputFlags |= OUTPUT_DNS; outputFlags |= OUTPUT_DNS;
continue; continue;
} }
if (strcmp(output->val, "files") == 0) {
SCLogDebug("Enabling files output");
outputFlags |= OUTPUT_FILES;
continue;
}
if (strcmp(output->val, "http") == 0) { if (strcmp(output->val, "http") == 0) {
SCLogDebug("Enabling HTTP output"); SCLogDebug("Enabling HTTP output");
ConfNode *child = ConfNodeLookupChild(output, "http"); ConfNode *child = ConfNodeLookupChild(output, "http");

3
src/output-json.h
Unescape Escape View File

@ -42,6 +42,7 @@ OutputCtx *AlertJsonInitCtx(ConfNode *);
typedef struct OutputJsonCtx_ { typedef struct OutputJsonCtx_ {
LogFileCtx *file_ctx; LogFileCtx *file_ctx;
OutputCtx *http_ctx; OutputCtx *http_ctx;
OutputCtx *files_ctx;
OutputCtx *tls_ctx; OutputCtx *tls_ctx;
} OutputJsonCtx; } OutputJsonCtx;
@ -53,9 +54,11 @@ typedef struct AlertJsonThread_ {
uint64_t alert_cnt; uint64_t alert_cnt;
uint64_t dns_cnt; uint64_t dns_cnt;
uint64_t files_cnt;
uint64_t http_cnt; uint64_t http_cnt;
uint64_t tls_cnt; uint64_t tls_cnt;
OutputCtx *http_ctx; OutputCtx *http_ctx;
OutputCtx *files_ctx;
OutputCtx *tls_ctx; OutputCtx *tls_ctx;
} AlertJsonThread; } AlertJsonThread;

Write Preview
Loading…
Cancel
Save