aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,435 Commits
7 Branches
161 Tags
209 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5be5e7c879'
${ noResults }
Commit Graph

79 Commits (5be5e7c879b0c095335e5f521e901dceffeb55a5)

Author SHA1 Message Date
Victor Julien f47fd2c243 rust/json: expose json_boolean 8 years ago
Victor Julien 41e6c6dc36 flow: enforce 51 bits id globally 8 years ago
Victor Julien ab1200fbd7 compiler: more strict compiler warnings 
Set flags by default:

    -Wmissing-prototypes
    -Wmissing-declarations
    -Wstrict-prototypes
    -Wwrite-strings
    -Wcast-align
    -Wbad-function-cast
    -Wformat-security
    -Wno-format-nonliteral
    -Wmissing-format-attribute
    -funsigned-char

Fix minor compiler warnings for these new flags on gcc and clang.
 8 years ago
fooinha a64e5e77c7 eve: async mode for redis output 
eve: detects libevent for async redis at configure
eve: moves redis output code to new file - util-log-redis.{c,h}
eve: redis ECHO and QUIT commands for async mode
eve: redis output defaults if conf is missing
 8 years ago
Jason Ish 673549e5cf eve: log number of events dropped at exit 8 years ago
Mats Klepsland 7293286f2f output-json: move code to get 5-tuple to own function 
Move code to get 5-tuple in JSON object to own function 'JsonFiveTuple'.
This enables this code to be reused when printing 'parent' JSON object in
output-json-alert.
 9 years ago
Mats Klepsland 65317ba865 output-json: make JSON flags in eve-log user configurable 9 years ago
Victor Julien 99517cbd53 lua: support key/value flowvars in lua 9 years ago
Victor Julien 996112edf5 pktvars: same name pktvars, key-value vars 9 years ago
Victor Julien 1a2ad059a1 eve: log pktvars/flowvars/bits/ints 
Optionally logs 'vars' into alerts
 9 years ago
Jason Ish 1b4ba4496c logging: rename registration functions to not have tmm 
As the logging modules are no longer threading modules, rename
them so they don't look like they are being registered as
threading modules.

Also, move the registration to the output.c which will handle
registration of the loggers.
 9 years ago
Jason Ish 9489d5b9e3 logging: remove dead code from output-json 
The "parent" json logger was setup like a real logger, but
some of that code was never being called.
 9 years ago
Victor Julien b81ea0d7db eve: reduce flow_id to 51 bits 
Evebox & ELK couldn't handle the large integers. It looks like (partly)
a javascript limitation that doesn't treat 64bit ints as real ints.
 9 years ago
Victor Julien 9ca34fa5c9 eve: output more unique flow_id 9 years ago
maxtors 9d3fd82849 Removed duplicate include statements. 9 years ago
maxtors 69863f7b1c Corrected and unified debugmessages for init data errors in *ThreadInit. 9 years ago
Jason Ish 8edbc20a07 flow: record the flow hash for use as the output flow id 
Provides a consistent hash for a flow, as well as a better
distribution than using a memory address.
 9 years ago
Victor Julien 53704ea468 output-json: constify API 10 years ago
Victor Julien fb90358e17 conf: explicitly ignore retval (CID 1353490) 10 years ago
Victor Julien 3f3ed71fe7 jansson: cleanup JSON_ESCAPE_SLASH use 10 years ago
Victor Julien 40cf1f8ef7 json: make membuffer helper public 
Make json_t to MemBuffer helper public so it can reused.
 10 years ago
Victor Julien c446abeb47 jansson: include in suricata-common.h 10 years ago
Jason Ish 3d2834a232 json: use top-level sensor-name if provided. 
Currently the default configuration file contains a "sensor-name"
at the root of the configuration file, however, eve-log will only
use it if its specified under eve-log.

Now we will look for it at the eve-log, if present we'll use it
but log a deprecation warning, if its not present we'll look
for sensor-name at the root of the configuration.
 10 years ago
Victor Julien 8bb1cf08ef eve: fix mishandling of big messages 
When the string representation of a JSON message grew bigger than
64k, the JSON record would just be truncated. This lead to errors
in the parser(s) of the JSON stream.

This patch changes the buffer logic to grow the buffer on demand.
 10 years ago
Victor Julien ac476de5ed json: small improvement to log message wording 10 years ago
Eric Leblond 9930f447d2 output-json: fix regression on log prefix handling 
The log prefix option was not anymore honored due to a regression
caused by some recent code.
 10 years ago
Victor Julien bec913b40c json: fix malformed output 
Even though the json output callback is called with a null terminated
string, it's not useable directly. The size parameter to the callback
might be a lot smaller than the string size. Libjansson gives the size
up to the first point that needs escaping.
 10 years ago
Victor Julien c80990fe10 output: cleanup JSON logging 10 years ago
Victor Julien ad5a753dde output-json: don't alloc for JSON to string 10 years ago
Eric Leblond 2ea4bbc492 util-logopenfile: move sensor_name to filectx 
We will now output the sensor name independantly of the output
method if it is set in the YAML file. In the case of redis we are
using the hostname value if unset.
 10 years ago
Eric Leblond f11b269ef1 redis-output: fix sensor-name code 
The sensor-name was not freed at exist and the result of SCStrdup
was not checked.
 10 years ago
Eric Leblond f953fdfbac util-logopenfile: introduce SCConfLogOpenRedis 
Introduce a function to realize the parsing and config file and
opening of connection to the database. Only used by output-json
for now it will be usable by other logging modules.
 10 years ago
Eric Leblond a13be67b5e util-logopenfile: add write function 
Introduce a function LogFileWrite that will handle the writing with
respect of the type defined in the configuration. This is used in
this patch to remove the write complexity from output-json.
 10 years ago
Eric Leblond 60ea49c777 output-json: add sensor-name config variable 
When using redis output, we are loosing the host key (added by
logstash or logstash-forwarder) and we can't find anymore what
Suricata did cause the alert.

This patch is adding this key during message generation using the
'sensor-name' variable or the hostname is 'sensor-name' is not
defined.
 10 years ago
Eric Leblond 31c91d53bb output-json: improve hiredis define 
Use #ifdef instead of #if and don't include the header which is
not needed anymore.
 10 years ago
Eric Leblond eef5678e5e output-json: add redis support 
This patch adds redis support to JSON output.
 10 years ago
Eric Leblond 113d6a3950 output-json: add create header with tx function 
To be able to correlate between events, it is better to have the
tx_id information in the root object. This function adds a new
function to automate the addition of the field.
 10 years ago
Jason Ish b512580bbe logging: integrate rotation into SCConfLogOpenGeneric. 
Addresses issue 1492, and will make it harder to omit
rotation on new outputs.
 10 years ago
Zachary Rasmor 0edf28a4f8 Add Feature #1454. Generic eve-log prefix support. 10 years ago
Victor Julien 1e8142c699 logfile: rename ALERT_ types to LOGFILE_TYPE_ 10 years ago
Eric Leblond 4c6a7bea30 output-json: suppress global variable 
It uses the new type field in the LogFileCtx instead.

This fixes the problem of not being able to use two eve-json
instance with different logging methods.
 10 years ago
Zachary Rasmor f0c659f82f Fix Bug #1204 
Fix typo that causes eve syslog settings code to be unreachable.
 10 years ago
Victor Julien a3de4ecd97 Suppress debug statements 11 years ago
Christophe M 6c2ae469be Fix to output a JSON buffer to an Unix domain socket. 
Create the JSON buffer and write to it like regular file.

Upper function SCConfLogOpenGeneric already handle it properly.

Closes issue #1246.
 11 years ago
Ken Steele 8f1d75039a Enforce function coding standard 
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions where changed by a script to match this standard.
 11 years ago
Alexander Gozman a6dbf627b2 Add input interface's name to JSON log 11 years ago
Victor Julien f1185d051c flow id: quick and dirty first stab at a flow id 
Add a 'flow_id' that is the same for all records produced for packets
belonging to the same flow.

This patch simply takes the flow's memory address.
 11 years ago
Victor Julien eaf01449e3 json: add tcp flags to json utility function 
Turns a flags bitfield into a set of json bools.
 11 years ago
Victor Julien fdd407751e Fix eve 'filetype' parsing 
Now that we use 'filetype' instead of 'type', we should also
use 'regular' instead of 'file'.

Added fallback to make sure we stay compatible to old configs.
 11 years ago
Alexander Gozman 8048eebd39 Fix handling filetype for eve log 11 years ago