aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

logging/alert: Warn if metadata not selected

Browse Source 
Warn when HTTP body logging has been selected but applayer/metadata
logging is not configured.
pull/4290/head
Jeff Lucovsky 6 years ago committed by Victor Julien
parent 883cad1a86
commit 95879c0d5a
3 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File

12
src/output-json-alert.c
Unescape Escape View File

@ -97,6 +97,8 @@
LOG_JSON_APP_LAYER | \
LOG_JSON_RULE_METADATA)
#define JSON_BODY_LOGGING (LOG_JSON_HTTP_BODY | LOG_JSON_HTTP_BODY_BASE64)
#define JSON_STREAM_BUFFER_SIZE 4096
typedef struct AlertJsonOutputCtx_ {
@ -810,6 +812,7 @@ static void SetFlag(const ConfNode *conf, const char *name, uint16_t flag, uint1
static void JsonAlertLogSetupMetadata(AlertJsonOutputCtx *json_output_ctx,
ConfNode *conf)
{
static bool warn_no_meta = false;
uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;
uint16_t flags = METADATA_DEFAULTS;
@ -868,6 +871,15 @@ static void JsonAlertLogSetupMetadata(AlertJsonOutputCtx *json_output_ctx,
}
}
if (!warn_no_meta && flags & JSON_BODY_LOGGING) {
if (((flags & LOG_JSON_APP_LAYER) == 0)) {
SCLogWarning(SC_WARN_ALERT_CONFIG, "HTTP body logging has been configured, however, "
"metadata logging has not been enabled. HTTP body logging will be disabled.");
flags &= ~JSON_BODY_LOGGING;
warn_no_meta = true;
}
}
json_output_ctx->payload_buffer_size = payload_buffer_size;
}

1
src/util-error.c
Unescape Escape View File

@ -364,6 +364,7 @@ const char * SCErrorToString(SCError err)
CASE_CODE (SC_ERR_THASH_INIT);
CASE_CODE (SC_ERR_DATASET);
CASE_CODE (SC_WARN_ANOMALY_CONFIG);
CASE_CODE (SC_WARN_ALERT_CONFIG);
CASE_CODE (SC_ERR_MAX);
}

1
src/util-error.h
Unescape Escape View File

@ -354,6 +354,7 @@ typedef enum {
SC_ERR_THASH_INIT,
SC_ERR_DATASET,
SC_WARN_ANOMALY_CONFIG,
SC_WARN_ALERT_CONFIG,
SC_ERR_MAX
} SCError;

Write Preview
Loading…
Cancel
Save