diff --git a/src/log-httplog.c b/src/log-httplog.c
index 1c2bdc4595..9653c3ad70 100644
--- a/src/log-httplog.c
+++ b/src/log-httplog.c
@@ -204,6 +204,55 @@ TmEcode LogHttpLogIPv4(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P
 } else {
 fprintf(aft->file_ctx->fp, "");
 }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* referer */
+ htp_header_t *h_referer = table_getc(tx->request_headers, "referer");
+ if (h_referer != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(h_referer->value),
+ bstr_len(h_referer->value));
+ } else {
+ fprintf(aft->file_ctx->fp, "");
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* method */
+ if (tx->request_method != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(tx->request_method),
+ bstr_len(tx->request_method));
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* protocol */
+ if (tx->request_protocol != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(tx->request_protocol),
+ bstr_len(tx->request_protocol));
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* response status */
+ if (tx->response_status != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(tx->response_status),
+ bstr_len(tx->response_status));
+ /* Redirect? */
+ if ((tx->response_status_number > 300) && ((tx->response_status_number) < 303)) {
+ htp_header_t *h_location = table_getc(tx->response_headers, "location");
+ if (h_location != NULL) {
+ fprintf(aft->file_ctx->fp, " => ");
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(h_location->value),
+ bstr_len(h_location->value));
+ }
+ }
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* length */
+ fprintf(aft->file_ctx->fp, "%lu bytes", tx->response_message_len);
 /* ip/tcp header info */
 fprintf(aft->file_ctx->fp, " [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
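Review bot: The length field at the end of this hunk prints `tx->response_message_len` with `%lu`, which is only correct if that member is exactly `unsigned long`; its declaration is not visible here, and if it is a `size_t` or a 64-bit type the call is a format/argument mismatch on 32-bit and LLP64 builds. The file already uses the `PRIu16` macros, so `fprintf(aft->file_ctx->fp, "%" PRIuMAX " bytes", (uintmax_t)tx->response_message_len);` would be safe for any unsigned width. The same line appears in the LogHttpLogIPv6 hunk. Separately, the redirect test `> 300 && < 303` matches only 301 and 302, so the Location target of a 303 or 307 response is not recorded; if that is intentional, a short comment saying so would help. LogHttpLogIPv4's body starts and ends outside the hunk.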
@@ -319,6 +368,54 @@ TmEcode LogHttpLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P
 } else {
 fprintf(aft->file_ctx->fp, "");
 }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* referer */
+ htp_header_t *h_referer = table_getc(tx->request_headers, "referer");
+ if (h_referer != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(h_referer->value),
+ bstr_len(h_referer->value));
+ } else {
+ fprintf(aft->file_ctx->fp, "");
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* method */
+ if (tx->request_method != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(tx->request_method),
+ bstr_len(tx->request_method));
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* protocol */
+ if (tx->request_protocol != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(tx->request_protocol),
+ bstr_len(tx->request_protocol));
+ }
+
+ /* response status */
+ if (tx->response_status != NULL) {
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(tx->response_status),
+ bstr_len(tx->response_status));
+ /* Redirect? */
+ if ((tx->response_status_number > 300) && ((tx->response_status_number) < 303)) {
+ htp_header_t *h_location = table_getc(tx->response_headers, "location");
+ if (h_location != NULL) {
+ fprintf(aft->file_ctx->fp, " => ");
+ PrintRawUriFp(aft->file_ctx->fp,
+ (uint8_t *)bstr_ptr(h_location->value),
+ bstr_len(h_location->value));
+ }
+ }
+ }
+ fprintf(aft->file_ctx->fp, " [**] ");
+
+ /* length */
+ fprintf(aft->file_ctx->fp, "%lu bytes", tx->response_message_len);
 /* ip/tcp header info */
 fprintf(aft->file_ctx->fp, " [**] %s:%" PRIu16 " -> %s:%" PRIu16 "\n",
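Review bot: The protocol block in this hunk is not followed by `fprintf(aft->file_ctx->fp, " [**] ");` as it is in the LogHttpLogIPv4 hunk, so on IPv6 the protocol and the response status are written back to back with no separator and the line has one field fewer than its IPv4 counterpart. Anything that splits http.log on ` [**] ` will mis-assign the status and length for IPv6 traffic. Adding the separator after the protocol block's closing brace fixes it; since the two hunks are otherwise line-for-line copies, moving the shared field writes into one static helper called from both functions would keep them from drifting again. LogHttpLogIPv6's body starts and ends outside the hunk.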