file-json: log http data using common function

pull/1667/head
Eric Leblond 10 years ago
parent 4ef12dcf5d
commit 94dbd303e4

@ -53,6 +53,7 @@
#include "output.h"
#include "output-json.h"
#include "output-json-http.h"
#include "log-file.h"
#include "util-logopenfile.h"
@ -74,99 +75,6 @@ typedef struct JsonFileLogThread_ {
MemBuffer *buffer;
} JsonFileLogThread;
static json_t *LogFileMetaGetUri(const Packet *p, const File *ff)
{
HtpState *htp_state = (HtpState *)p->flow->alstate;
json_t *js = NULL;
if (htp_state != NULL) {
htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
HtpTxUserData *tx_ud = htp_tx_get_user_data(tx);
if (tx_ud != NULL && tx_ud->request_uri_normalized != NULL) {
char *s = bstr_util_strdup_to_c(tx_ud->request_uri_normalized);
if (s != NULL) {
js = json_string(s);
SCFree(s);
if (js != NULL)
return js;
}
}
}
}
return NULL;
}
static json_t *LogFileMetaGetHost(const Packet *p, const File *ff)
{
HtpState *htp_state = (HtpState *)p->flow->alstate;
json_t *js = NULL;
if (htp_state != NULL) {
htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL && tx->request_hostname != NULL) {
char *s = bstr_util_strdup_to_c(tx->request_hostname);
if (s != NULL) {
js = json_string(s);
SCFree(s);
if (js != NULL)
return js;
}
}
}
return NULL;
}
static json_t *LogFileMetaGetReferer(const Packet *p, const File *ff)
{
HtpState *htp_state = (HtpState *)p->flow->alstate;
json_t *js = NULL;
if (htp_state != NULL) {
htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
htp_header_t *h = NULL;
h = (htp_header_t *)htp_table_get_c(tx->request_headers,
"Referer");
if (h != NULL) {
char *s = bstr_util_strdup_to_c(h->value);
if (s != NULL) {
js = json_string(s);
SCFree(s);
if (js != NULL)
return js;
}
}
}
}
return NULL;
}
static json_t *LogFileMetaGetUserAgent(const Packet *p, const File *ff)
{
HtpState *htp_state = (HtpState *)p->flow->alstate;
json_t *js = NULL;
if (htp_state != NULL) {
htp_tx_t *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP, htp_state, ff->txid);
if (tx != NULL) {
htp_header_t *h = NULL;
h = (htp_header_t *)htp_table_get_c(tx->request_headers,
"User-Agent");
if (h != NULL) {
char *s = bstr_util_strdup_to_c(h->value);
if (s != NULL) {
js = json_string(s);
SCFree(s);
if (js != NULL)
return js;
}
}
}
}
return NULL;
}
/**
* \internal
* \brief Write meta data on a single line json record
@ -175,33 +83,24 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
{
MemBuffer *buffer = (MemBuffer *)aft->buffer;
json_t *js = CreateJSONHeader((Packet *)p, 0, "fileinfo"); //TODO const
json_t *hjs = NULL;
if (unlikely(js == NULL))
return;
/* reset */
MemBufferReset(buffer);
json_t *hjs = json_object();
if (unlikely(hjs == NULL)) {
json_decref(js);
return;
}
json_object_set_new(hjs, "app_proto", json_string(AppProtoToString(p->flow->alproto)));
switch (p->flow->alproto) {
case ALPROTO_HTTP:
json_object_set_new(hjs, "url", LogFileMetaGetUri(p, ff));
json_object_set_new(hjs, "hostname", LogFileMetaGetHost(p, ff));
json_object_set_new(hjs, "http_refer", LogFileMetaGetReferer(p, ff));
json_object_set_new(hjs, "http_user_agent", LogFileMetaGetUserAgent(p, ff));
json_object_set_new(js, "http", hjs);
hjs = JsonHttpAddMetadata(p->flow);
if (hjs)
json_object_set_new(js, "http", hjs);
break;
}
json_t *fjs = json_object();
if (unlikely(fjs == NULL)) {
json_decref(hjs);
json_decref(js);
return;
}
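Review bot: The new call `JsonHttpAddMetadata(p->flow)` in the `ALPROTO_HTTP` case no longer carries `ff->txid`, which every removed `LogFileMetaGet*` helper passed to `AppLayerParserGetTx()` to select the transaction the file belongs to. The helper's body is not visible here, but given only the flow it presumably has to pick a transaction itself, so on a keep-alive or pipelined connection a fileinfo record could carry the URL, hostname and user agent of a different request than the one that transferred the file, which misleads anyone pivoting from the file to the request during triage. I would pass the id through, e.g. `hjs = JsonHttpAddMetadata(p->flow, ff->txid);`, with the matching signature change in the shared helper. Separately, the +/- markers are lost on this page: if the `json_object_set_new(hjs, "app_proto", ...)` line is still on the new side, it now runs while `hjs` is NULL and should target `js` instead. FileWriteJsonRecord's body continues past the end of the hunk.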
