mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
0189b4d1eb
This patch separates http keys from file to have a different value
list:
{
"time":"01\/31\/2014-12:04:52.837245","event_type":"file","src_ip":"5.3.1.1","src_port":80,"dest_ip":"1.8.1.9","dest_port":9539,"proto":"TCP",
"http":{"url":"/foo/","hostname":"bar.com","http_refer":"http:\/\/bar.org","http_user_agent":"Mozilla\/5.0"},
"file":{"filename":"bar","magic":"unknown","state":"CLOSED","stored":false,"size":21}
}
One interest of this modification is that it is possible to use the
same key as the one used in http events. Thus correlating both type
of events is trivial. On code side, this will permit to factorize
the code by simply asking the underlying protocol to output its
info in a json object.
Second interest is that adding file extraction for a new protocol
will result in only changing the protocol specific json list.
|
11 years ago | |
|---|---|---|
| benches | ||
| contrib | ||
| doc | ||
| m4 | ||
| qa | 11 years ago | |
| rules | 11 years ago | |
| scripts | ||
| src | 11 years ago | |
| .gitignore | ||
| COPYING | ||
| ChangeLog | ||
| LICENSE | ||
| Makefile.am | ||
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | ||
| classification.config | ||
| config.rpath | ||
| configure.ac | 11 years ago | |
| doxygen.cfg | 11 years ago | |
| reference.config | ||
| suricata.yaml.in | 11 years ago | |
| threshold.config | ||