mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
0189b4d1eb
This patch separates http keys from file to have a different value list: { "time":"01\/31\/2014-12:04:52.837245","event_type":"file","src_ip":"5.3.1.1","src_port":80,"dest_ip":"1.8.1.9","dest_port":9539,"proto":"TCP", "http":{"url":"/foo/","hostname":"bar.com","http_refer":"http:\/\/bar.org","http_user_agent":"Mozilla\/5.0"}, "file":{"filename":"bar","magic":"unknown","state":"CLOSED","stored":false,"size":21} } One interest of this modification is that it is possible to use the same key as the one used in http events. Thus correlating both type of events is trivial. On code side, this will permit to factorize the code by simply asking the underlying protocol to output its info in a json object. Second interest is that adding file extraction for a new protocol will result in only changing the protocol specific json list. |
11 years ago | |
---|---|---|
benches | ||
contrib | ||
doc | ||
m4 | ||
qa | 11 years ago | |
rules | 11 years ago | |
scripts | ||
src | 11 years ago | |
.gitignore | ||
COPYING | ||
ChangeLog | ||
LICENSE | ||
Makefile.am | ||
Makefile.cvs | ||
acsite.m4 | ||
autogen.sh | ||
classification.config | ||
config.rpath | ||
configure.ac | 11 years ago | |
doxygen.cfg | 11 years ago | |
reference.config | ||
suricata.yaml.in | 11 years ago | |
threshold.config |