-/* Copyright (C) 2016-2020 Open Information Security Foundation
+/* Copyright (C) 2016-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx,
const SigGroupHead *sgh, const Packet *p)
{
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "inspectedrules", NULL);
+ JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "inspectedrules", NULL, NULL);
if (js == NULL)
return;
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
WARN_ONCE(SC_ERR_SPRINTF,
"Failed to write file info record. Output filename truncated.");
} else {
- JsonBuilder *js_fileinfo = JsonBuildFileInfoRecord(p, ff, true, dir,
- ctx->xff_cfg);
+ JsonBuilder *js_fileinfo =
+ JsonBuildFileInfoRecord(p, ff, true, dir, ctx->xff_cfg, NULL);
if (likely(js_fileinfo != NULL)) {
jb_close(js_fileinfo);
FILE *out = fopen(js_metadata_filename, "w");
-/* Copyright (C) 2013-2020 Open Information Security Foundation
+/* Copyright (C) 2013-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
uint32_t payload_buffer_size;
HttpXFFCfg *xff_cfg;
HttpXFFCfg *parent_xff_cfg;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} AlertJsonOutputCtx;
typedef struct JsonAlertLogThread_ {
}
}
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "alert", &addr);
+ JsonBuilder *jb =
+ CreateEveHeader(p, LOG_DIR_PACKET, "alert", &addr, json_output_ctx->eve_ctx);
if (unlikely(jb == NULL))
return TM_ECODE_OK;
- EveAddCommonOptions(&json_output_ctx->cfg, p, p->flow, jb);
MemBufferReset(aft->json_buffer);
if ((p->flags & PKT_HAS_TAG) && (json_output_ctx->flags &
LOG_JSON_TAGGED_PACKETS)) {
MemBufferReset(aft->json_buffer);
- JsonBuilder *packetjs = CreateEveHeader(p, LOG_DIR_PACKET, "packet", NULL);
+ JsonBuilder *packetjs =
+ CreateEveHeader(p, LOG_DIR_PACKET, "packet", NULL, json_output_ctx->eve_ctx);
if (unlikely(packetjs != NULL)) {
EvePacket(p, packetjs, 0);
OutputJsonBuilderBuffer(packetjs, aft->file_ctx, &aft->json_buffer);
memset(json_output_ctx, 0, sizeof(AlertJsonOutputCtx));
json_output_ctx->file_ctx = ajt->file_ctx;
- json_output_ctx->cfg = ajt->cfg;
+ json_output_ctx->eve_ctx = ajt;
JsonAlertLogSetupMetadata(json_output_ctx, conf);
json_output_ctx->xff_cfg = JsonAlertLogGetXffCfg(conf);
-/* Copyright (C) 2019-2020 Open Information Security Foundation
+/* Copyright (C) 2019-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define TX_ID_UNUSED UINT64_MAX
typedef struct AnomalyJsonOutputCtx_ {
- LogFileCtx* file_ctx;
uint16_t flags;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} AnomalyJsonOutputCtx;
typedef struct JsonAnomalyLogThread_ {
static int AnomalyDecodeEventJson(ThreadVars *tv, JsonAnomalyLogThread *aft,
const Packet *p)
{
- const bool is_ip_pkt = PKT_IS_IPV4(p) || PKT_IS_IPV6(p);
const uint16_t log_type = aft->json_output_ctx->flags;
const bool log_stream = log_type & LOG_JSON_STREAM_TYPE;
const bool log_decode = log_type & LOG_JSON_DECODE_TYPE;
MemBufferReset(aft->json_buffer);
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL);
+ JsonBuilder *js = CreateEveHeader(
+ p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL, aft->json_output_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_OK;
}
- if (is_ip_pkt) {
- EveAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js);
- }
-
jb_open_object(js, ANOMALY_EVENT_TYPE);
if (event_code < DECODE_EVENT_MAX) {
if (tx_id != TX_ID_UNUSED) {
js = CreateEveHeaderWithTxId(p, LOG_DIR_PACKET,
ANOMALY_EVENT_TYPE, NULL, tx_id);
+ EveAddCommonOptions(&aft->json_output_ctx->eve_ctx->cfg, p, p->flow, js);
} else {
- js = CreateEveHeader(p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL);
+ js = CreateEveHeader(
+ p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL, aft->json_output_ctx->eve_ctx);
}
if (unlikely(js == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js);
jb_open_object(js, ANOMALY_EVENT_TYPE);
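Review bot: In the `tx_id != TX_ID_UNUSED` branch the added `EveAddCommonOptions(&aft->json_output_ctx->eve_ctx->cfg, p, p->flow, js);` runs before the `if (unlikely(js == NULL))` check that follows the if/else, so a failed `CreateEveHeaderWithTxId()` hands a NULL builder to it. Whether `EveAddCommonOptions` tolerates a NULL builder is not visible here; the removed call sat after the check, so the old code never depended on it. Move the call below the NULL check and keep it conditional, e.g. `if (tx_id != TX_ID_UNUSED) EveAddCommonOptions(&aft->json_output_ctx->eve_ctx->cfg, p, p->flow, js);`, so an allocation failure skips the record instead of risking a crash in the logging path. The enclosing function starts and ends outside this hunk.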
/** Use the Output Context (file pointer and mutex) */
AnomalyJsonOutputCtx *json_output_ctx = ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(json_output_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(json_output_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
goto error;
}
- json_output_ctx->file_ctx = ajt->file_ctx;
JsonAnomalyLogConf(json_output_ctx, conf);
- json_output_ctx->cfg = ajt->cfg;
+ json_output_ctx->eve_ctx = ajt;
output_ctx->data = json_output_ctx;
output_ctx->DeInit = JsonAnomalyLogDeInitCtxSubHelper;
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
{
OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dcerpc", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dcerpc", NULL, thread->ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED;
}
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
typedef struct LogDHCPFileCtx_ {
- LogFileCtx *file_ctx;
- uint32_t flags;
void *rs_logger;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} LogDHCPFileCtx;
typedef struct LogDHCPLogThread_ {
return TM_ECODE_OK;
}
- JsonBuilder *js = CreateEveHeader((Packet *)p, 0, "dhcp", NULL);
+ JsonBuilder *js = CreateEveHeader((Packet *)p, 0, "dhcp", NULL, ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_FAILED;
}
- EveAddCommonOptions(&thread->dhcplog_ctx->cfg, p, f, js);
-
rs_dhcp_logger_log(ctx->rs_logger, tx, js);
MemBufferReset(thread->buffer);
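Review bot: The rewritten call keeps the `(Packet *)p` cast and the bare `0` direction argument: `CreateEveHeader((Packet *)p, 0, "dhcp", NULL, ctx->eve_ctx)`. Other call sites in this commit pass a `const Packet *` straight through (for example `RulesDumpMatchArray`), so the cast only discards the qualifier and can go: `CreateEveHeader(p, 0, "dhcp", NULL, ctx->eve_ctx)`. The literal `0` would also read better as the named `enum OutputJsonLogDirection` value it stands for. The IKE logger hunk carries the same `(Packet *)p` cast. The enclosing function starts outside this hunk.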
OutputCtx *parent_ctx)
{
OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
LogDHCPFileCtx *dhcplog_ctx = SCCalloc(1, sizeof(*dhcplog_ctx));
if (unlikely(dhcplog_ctx == NULL)) {
return result;
}
- dhcplog_ctx->file_ctx = ajt->file_ctx;
- dhcplog_ctx->cfg = ajt->cfg;
+ dhcplog_ctx->eve_ctx = parent_ctx->data;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->dhcplog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->dhcplog_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->dhcplog_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "output-json-dnp3-objects.h"
typedef struct LogDNP3FileCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags;
uint8_t include_object_data;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} LogDNP3FileCtx;
typedef struct LogDNP3LogThread_ {
MemBufferReset(buffer);
if (tx->has_request && tx->request_done) {
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL);
+ JsonBuilder *js =
+ CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL, thread->dnp3log_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js);
-
jb_open_object(js, "dnp3");
JsonDNP3LogRequest(js, tx);
jb_close(js);
MemBufferReset(buffer);
if (tx->has_response && tx->response_done) {
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL);
+ JsonBuilder *js =
+ CreateEveHeader(p, LOG_DIR_FLOW, "dnp3", NULL, thread->dnp3log_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&thread->dnp3log_ctx->cfg, p, f, js);
jb_open_object(js, "dnp3");
JsonDNP3LogResponse(js, tx);
jb_close(js);
if (unlikely(dnp3log_ctx == NULL)) {
return result;
}
- dnp3log_ctx->file_ctx = json_ctx->file_ctx;
- dnp3log_ctx->cfg = json_ctx->cfg;
+ dnp3log_ctx->eve_ctx = json_ctx;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->dnp3log_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->dnp3log_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->dnp3log_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
};
typedef struct LogDnsFileCtx_ {
- LogFileCtx *file_ctx;
uint64_t flags; /** Store mode */
DnsVersion version;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} LogDnsFileCtx;
typedef struct LogDnsLogThread_ {
}
for (uint16_t i = 0; i < 0xffff; i++) {
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL, dnslog_ctx->eve_ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
jb_open_object(jb, "dns");
if (!rs_dns_log_json_query(txptr, i, td->dnslog_ctx->flags, jb)) {
if (td->dnslog_ctx->version == DNS_VERSION_2) {
if (rs_dns_do_log_answer(txptr, td->dnslog_ctx->flags)) {
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL, dnslog_ctx->eve_ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
jb_open_object(jb, "dns");
rs_dns_log_json_answer(txptr, td->dnslog_ctx->flags, jb);
} else {
/* Log answers. */
for (uint16_t i = 0; i < UINT16_MAX; i++) {
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL, dnslog_ctx->eve_ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
JsonBuilder *answer = rs_dns_log_json_answer_v1(txptr, i,
td->dnslog_ctx->flags);
}
/* Log authorities. */
for (uint16_t i = 0; i < UINT16_MAX; i++) {
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "dns", NULL, dnslog_ctx->eve_ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&dnslog_ctx->cfg, p, f, jb);
JsonBuilder *answer = rs_dns_log_json_authority_v1(txptr, i,
td->dnslog_ctx->flags);
/* Use the Ouptut Context (file pointer and mutex) */
aft->dnslog_ctx= ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(aft->dnslog_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->dnslog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
}
memset(dnslog_ctx, 0x00, sizeof(LogDnsFileCtx));
- dnslog_ctx->file_ctx = ojc->file_ctx;
- dnslog_ctx->cfg = ojc->cfg;
+ dnslog_ctx->eve_ctx = ojc;
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define LOG_DROP_ALERTS 1
typedef struct JsonDropOutputCtx_ {
- LogFileCtx *file_ctx;
uint8_t flags;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} JsonDropOutputCtx;
typedef struct JsonDropLogThread_ {
JsonAddrInfo addr = json_addr_info_zero;
JsonAddrInfoInit(p, LOG_DIR_PACKET, &addr);
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "drop", &addr);
+ JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "drop", &addr, drop_ctx->eve_ctx);
if (unlikely(js == NULL))
return TM_ECODE_OK;
- EveAddCommonOptions(&drop_ctx->cfg, p, p->flow, js);
-
jb_open_object(js, "drop");
/* reset */
/** Use the Ouptut Context (file pointer and mutex) */
aft->drop_ctx = ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(aft->drop_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->drop_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
static void JsonDropOutputCtxFree(JsonDropOutputCtx *drop_ctx)
{
if (drop_ctx != NULL) {
- if (drop_ctx->file_ctx != NULL)
- LogFileFreeCtx(drop_ctx->file_ctx);
SCFree(drop_ctx);
}
}
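Review bot: After this change `JsonDropOutputCtxFree` frees only the sub-context, but nothing on the struct or on this function says that `eve_ctx` is borrowed from the parent eve output. The sub-loggers in this commit now read `cfg` and `file_ctx` through that pointer instead of holding a by-value copy of `cfg`, so the parent `OutputJsonCtx` must outlive every sub-context that points at it. I would record that on the field, `OutputJsonCtx *eve_ctx; /* borrowed from the parent eve-log output; not owned, never freed here */`, and add a one-line comment in this function saying the parent context is released by its own DeInit. The same comment fits the other `*_ctx` structs that gain an `eve_ctx` member in this commit.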
}
}
- drop_ctx->file_ctx = ajt->file_ctx;
- drop_ctx->cfg = ajt->cfg;
+ drop_ctx->eve_ctx = ajt;
output_ctx->data = drop_ctx;
output_ctx->DeInit = JsonDropLogDeInitCtxSub;
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "stream-tcp-reassemble.h"
typedef struct OutputFileCtx_ {
- LogFileCtx *file_ctx;
uint32_t file_cnt;
HttpXFFCfg *xff_cfg;
HttpXFFCfg *parent_xff_cfg;
+ OutputJsonCtx *eve_ctx;
} OutputFileCtx;
typedef struct JsonFileLogThread_ {
MemBuffer *buffer;
} JsonFileLogThread;
-JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
- const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg)
+JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff, const bool stored,
+ uint8_t dir, HttpXFFCfg *xff_cfg, OutputJsonCtx *eve_ctx)
{
enum OutputJsonLogDirection fdir = LOG_DIR_FLOW;
}
}
- JsonBuilder *js = CreateEveHeader(p, fdir, "fileinfo", &addr);
+ JsonBuilder *js = CreateEveHeader(p, fdir, "fileinfo", &addr, eve_ctx);
if (unlikely(js == NULL))
return NULL;
* \internal
* \brief Write meta data on a single line json record
*/
-static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p,
- const File *ff, uint32_t dir)
+static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff,
+ uint32_t dir, OutputJsonCtx *eve_ctx)
{
HttpXFFCfg *xff_cfg = aft->filelog_ctx->xff_cfg != NULL ?
aft->filelog_ctx->xff_cfg : aft->filelog_ctx->parent_xff_cfg;;
- JsonBuilder *js = JsonBuildFileInfoRecord(p, ff,
- ff->flags & FILE_STORED ? true : false, dir, xff_cfg);
+ JsonBuilder *js = JsonBuildFileInfoRecord(
+ p, ff, ff->flags & FILE_STORED ? true : false, dir, xff_cfg, eve_ctx);
if (unlikely(js == NULL)) {
return;
}
SCLogDebug("ff %p", ff);
- FileWriteJsonRecord(aft, p, ff, dir);
+ FileWriteJsonRecord(aft, p, ff, dir, aft->filelog_ctx->eve_ctx);
return 0;
}
/* Use the Ouptut Context (file pointer and mutex) */
aft->filelog_ctx = ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(aft->filelog_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->filelog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
return result;
}
- output_file_ctx->file_ctx = ojc->file_ctx;
-
if (conf) {
const char *force_filestore = ConfNodeLookupChildValue(conf, "force-filestore");
if (force_filestore != NULL && ConfValIsTrue(force_filestore)) {
output_file_ctx->parent_xff_cfg = ojc->xff_cfg;
}
+ output_file_ctx->eve_ctx = ojc;
output_ctx->data = output_file_ctx;
output_ctx->DeInit = OutputFileLogDeinitSub;
-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "app-layer-htp-xff.h"
+typedef struct OutputJsonCtx_ OutputJsonCtx;
+
void JsonFileLogRegister(void);
-JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
- const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg);
+JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff, const bool stored,
+ uint8_t dir, HttpXFFCfg *xff_cfg, OutputJsonCtx *eve_ctx);
#endif /* __OUTPUT_JSON_FILE_H__ */
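Review bot: The new `eve_ctx` parameter of `JsonBuildFileInfoRecord` is undocumented, and the prototype does not say that NULL is an accepted value, even though the file-store caller changed in this commit passes `NULL`. Since the argument is forwarded unchanged to `CreateEveHeader()`, a future edit that dereferences it in either function would break that caller without any compiler warning. Add a Doxygen line above the prototype such as `\param eve_ctx eve output context forwarded to CreateEveHeader(); may be NULL`.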
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define LOG_IKE_EXTENDED (1 << 0)
typedef struct LogIKEFileCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} LogIKEFileCtx;
typedef struct LogIKELogThread_ {
void *tx, uint64_t tx_id)
{
LogIKELogThread *thread = thread_data;
- JsonBuilder *jb = CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "ike", NULL);
+ JsonBuilder *jb =
+ CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "ike", NULL, thread->ikelog_ctx->eve_ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED;
}
- EveAddCommonOptions(&thread->ikelog_ctx->cfg, p, f, jb);
LogIKEFileCtx *ike_ctx = thread->ikelog_ctx;
if (!rs_ike_logger_log(state, tx, ike_ctx->flags, jb)) {
if (unlikely(ikelog_ctx == NULL)) {
return result;
}
- ikelog_ctx->file_ctx = ajt->file_ctx;
- ikelog_ctx->cfg = ajt->cfg;
+ ikelog_ctx->eve_ctx = ajt;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->ikelog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->ikelog_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->ikelog_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "rust.h"
-typedef struct LogKRB5FileCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCommonSettings cfg;
-} LogKRB5FileCtx;
-
-typedef struct LogKRB5LogThread_ {
- LogFileCtx *file_ctx;
- LogKRB5FileCtx *krb5log_ctx;
- MemBuffer *buffer;
-} LogKRB5LogThread;
-
static int JsonKRB5Logger(ThreadVars *tv, void *thread_data,
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
KRB5Transaction *krb5tx = tx;
- LogKRB5LogThread *thread = thread_data;
+ OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "krb5", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "krb5", NULL, thread->ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED;
}
- EveAddCommonOptions(&thread->krb5log_ctx->cfg, p, f, jb);
-
jb_open_object(jb, "krb5");
if (!rs_krb5_log_json_response(jb, state, krb5tx)) {
goto error;
return TM_ECODE_FAILED;
}
-static void OutputKRB5LogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogKRB5FileCtx *krb5log_ctx = (LogKRB5FileCtx *)output_ctx->data;
- SCFree(krb5log_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputKRB5LogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogKRB5FileCtx *krb5log_ctx = SCCalloc(1, sizeof(*krb5log_ctx));
- if (unlikely(krb5log_ctx == NULL)) {
- return result;
- }
- krb5log_ctx->file_ctx = ajt->file_ctx;
- krb5log_ctx->cfg = ajt->cfg;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(krb5log_ctx);
- return result;
- }
- output_ctx->data = krb5log_ctx;
- output_ctx->DeInit = OutputKRB5LogDeInitCtxSub;
-
- SCLogDebug("KRB5 log sub-module initialized.");
-
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonKRB5LogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- LogKRB5LogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogKRB5. \"initdata\" is NULL.");
- goto error_exit;
- }
-
- thread->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (unlikely(thread->buffer == NULL)) {
- goto error_exit;
- }
-
- thread->krb5log_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->krb5log_ctx->file_ctx, t->id);
- if (!thread->file_ctx) {
- goto error_exit;
- }
- *data = (void *)thread;
-
- return TM_ECODE_OK;
-
-error_exit:
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonKRB5LogThreadDeinit(ThreadVars *t, void *data)
-{
- LogKRB5LogThread *thread = (LogKRB5LogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_OK;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonKRB5LogRegister(void)
{
/* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_KRB5, "eve-log", "JsonKRB5Log",
- "eve-log.krb5", OutputKRB5LogInitSub, ALPROTO_KRB5,
- JsonKRB5Logger, JsonKRB5LogThreadInit,
- JsonKRB5LogThreadDeinit, NULL);
+ OutputRegisterTxSubModule(LOGGER_JSON_KRB5, "eve-log", "JsonKRB5Log", "eve-log.krb5",
+ OutputKRB5LogInitSub, ALPROTO_KRB5, JsonKRB5Logger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
SCLogDebug("KRB5 JSON logger registered.");
}
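Review bot: In `OutputKRB5LogInitSub` the two `AppLayerParserRegisterLogger()` calls now run before `OutputJsonLogInitSub()` has had a chance to fail, so a failed sub-module init still leaves KRB5 marked as having a logger. The removed code registered only after its own allocations had succeeded. What a registered-but-absent logger does to transaction handling is not visible here, but registering only on `result.ok` keeps the earlier ordering at no cost. `OutputRdpLogInitSub` has the same shape.

```c
static OutputInitResult OutputKRB5LogInitSub(ConfNode *conf,
        OutputCtx *parent_ctx)
{
    OutputInitResult result = OutputJsonLogInitSub(conf, parent_ctx);
    if (result.ok) {
        AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
        AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
    }
    return result;
}
```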
-/* Copyright (C) 2013-2020 Open Information Security Foundation
+/* Copyright (C) 2013-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define MODULE_NAME "JsonMetadataLog"
-typedef struct MetadataJsonOutputCtx_ {
- LogFileCtx* file_ctx;
- OutputJsonCommonSettings cfg;
-} MetadataJsonOutputCtx;
-
-typedef struct JsonMetadataLogThread_ {
- /** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
- LogFileCtx* file_ctx;
- MemBuffer *json_buffer;
- MetadataJsonOutputCtx* json_output_ctx;
-} JsonMetadataLogThread;
-
-static int MetadataJson(ThreadVars *tv, JsonMetadataLogThread *aft, const Packet *p)
+static int MetadataJson(ThreadVars *tv, OutputJsonThreadCtx *aft, const Packet *p)
{
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "metadata", NULL);
+ JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "metadata", NULL, aft->ctx);
if (unlikely(js == NULL))
return TM_ECODE_OK;
- EveAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js);
- OutputJsonBuilderBuffer(js, aft->file_ctx, &aft->json_buffer);
+ /* If metadata is not enabled for eve, explicitly log it here as this is
+ * what logging metadata is about. */
+ if (!aft->ctx->cfg.include_metadata) {
+ EveAddMetadata(p, p->flow, js);
+ }
+ OutputJsonBuilderBuffer(js, aft->file_ctx, &aft->buffer);
jb_free(js);
return TM_ECODE_OK;
static int JsonMetadataLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
- JsonMetadataLogThread *aft = thread_data;
+ OutputJsonThreadCtx *aft = thread_data;
return MetadataJson(tv, aft, p);
}
return FALSE;
}
-static TmEcode JsonMetadataLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- JsonMetadataLogThread *aft = SCCalloc(1, sizeof(JsonMetadataLogThread));
- if (unlikely(aft == NULL))
- return TM_ECODE_FAILED;
-
- if(initdata == NULL) {
- SCLogDebug("Error getting context for EveLogMetadata. \"initdata\" argument NULL");
- goto error_exit;
- }
-
- aft->json_buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (aft->json_buffer == NULL) {
- goto error_exit;
- }
-
- /** Use the Output Context (file pointer and mutex) */
- MetadataJsonOutputCtx *json_output_ctx = ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(json_output_ctx->file_ctx, t->id);
- if (!aft->file_ctx) {
- goto error_exit;
- }
- aft->json_output_ctx = json_output_ctx;
-
- *data = (void *)aft;
- return TM_ECODE_OK;
-
-error_exit:
- if (aft->json_buffer != NULL) {
- MemBufferFree(aft->json_buffer);
- }
- SCFree(aft);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonMetadataLogThreadDeinit(ThreadVars *t, void *data)
-{
- JsonMetadataLogThread *aft = (JsonMetadataLogThread *)data;
- if (aft == NULL) {
- return TM_ECODE_OK;
- }
-
- MemBufferFree(aft->json_buffer);
-
- /* clear memory */
- memset(aft, 0, sizeof(JsonMetadataLogThread));
-
- SCFree(aft);
- return TM_ECODE_OK;
-}
-
-static void JsonMetadataLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- SCLogDebug("cleaning up sub output_ctx %p", output_ctx);
-
- MetadataJsonOutputCtx *json_output_ctx = (MetadataJsonOutputCtx *) output_ctx->data;
-
- if (json_output_ctx != NULL) {
- SCFree(json_output_ctx);
- }
- SCFree(output_ctx);
-}
-
-/**
- * \brief Create a new LogFileCtx for "fast" output style.
- * \param conf The configuration node for this output.
- * \return A LogFileCtx pointer on success, NULL on failure.
- */
-static OutputInitResult JsonMetadataLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
- MetadataJsonOutputCtx *json_output_ctx = NULL;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
- if (unlikely(output_ctx == NULL))
- return result;
-
- json_output_ctx = SCMalloc(sizeof(MetadataJsonOutputCtx));
- if (unlikely(json_output_ctx == NULL)) {
- goto error;
- }
- memset(json_output_ctx, 0, sizeof(MetadataJsonOutputCtx));
-
- json_output_ctx->file_ctx = ajt->file_ctx;
- json_output_ctx->cfg = ajt->cfg;
- /* override config setting as this logger is about metadata */
- json_output_ctx->cfg.include_metadata = true;
-
- output_ctx->data = json_output_ctx;
- output_ctx->DeInit = JsonMetadataLogDeInitCtxSub;
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-
-error:
- if (json_output_ctx != NULL) {
- SCFree(json_output_ctx);
- }
- if (output_ctx != NULL) {
- SCFree(output_ctx);
- }
-
- return result;
-}
-
void JsonMetadataLogRegister (void)
{
- OutputRegisterPacketSubModule(LOGGER_JSON_METADATA, "eve-log", MODULE_NAME,
- "eve-log.metadata", JsonMetadataLogInitCtxSub, JsonMetadataLogger,
- JsonMetadataLogCondition, JsonMetadataLogThreadInit,
- JsonMetadataLogThreadDeinit, NULL);
+ OutputRegisterPacketSubModule(LOGGER_JSON_METADATA, "eve-log", MODULE_NAME, "eve-log.metadata",
+ OutputJsonLogInitSub, JsonMetadataLogger, JsonMetadataLogCondition, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
/* Kept for compatibility. */
- OutputRegisterPacketSubModule(LOGGER_JSON_METADATA, "eve-log", MODULE_NAME,
- "eve-log.vars", JsonMetadataLogInitCtxSub, JsonMetadataLogger,
- JsonMetadataLogCondition, JsonMetadataLogThreadInit,
- JsonMetadataLogThreadDeinit, NULL);
+ OutputRegisterPacketSubModule(LOGGER_JSON_METADATA, "eve-log", MODULE_NAME, "eve-log.vars",
+ OutputJsonLogInitSub, JsonMetadataLogger, JsonMetadataLogCondition, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
}
-/* Copyright (C) 2020 Open Information Security Foundation
+/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define MQTT_DEFAULTS (MQTT_LOG_PASSWORDS)
typedef struct LogMQTTFileCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags;
+ OutputJsonCtx *eve_ctx;
} LogMQTTFileCtx;
typedef struct LogMQTTLogThread_ {
dir = LOG_DIR_FLOW_TOSERVER;
}
- JsonBuilder *js = CreateEveHeader(p, dir, "mqtt", NULL);
+ JsonBuilder *js = CreateEveHeader(p, dir, "mqtt", NULL, thread->mqttlog_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_FAILED;
}
goto error;
MemBufferReset(thread->buffer);
- OutputJsonBuilderBuffer(js, thread->file_ctx, &thread->buffer);
+ OutputJsonBuilderBuffer(js, thread->mqttlog_ctx->eve_ctx->file_ctx, &thread->buffer);
jb_free(js);
return TM_ECODE_OK;
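Review bot: `OutputJsonBuilderBuffer` now writes through `thread->mqttlog_ctx->eve_ctx->file_ctx`, the parent's context, instead of the per-thread `thread->file_ctx`. The thread init later in this file still stores the result of `LogFileEnsureExists()` in `thread->file_ctx`, and the metadata logger in this commit keeps writing via `aft->file_ctx`. If `LogFileEnsureExists()` can return a thread-specific context (not visible here), this line bypasses it and every MQTT logging thread shares the parent context. Keep the original argument: `OutputJsonBuilderBuffer(js, thread->file_ctx, &thread->buffer);`. The enclosing function starts outside this hunk.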
if (unlikely(mqttlog_ctx == NULL)) {
return result;
}
- mqttlog_ctx->file_ctx = ajt->file_ctx;
+ mqttlog_ctx->eve_ctx = ajt;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->mqttlog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->mqttlog_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->mqttlog_ctx->eve_ctx->file_ctx, t->id);
*data = (void *)thread;
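Review bot: The return value of `LogFileEnsureExists()` is stored and `*data` is set on the next line with no NULL check in between. Every other thread-init touched by this commit follows the call with `if (!thread->file_ctx) { goto error_exit; }`, so the MQTT logger alone can start with a NULL file context. Assuming this function has the same `error_exit` cleanup label as its siblings (it is outside the hunk), add that check before `*data = (void *)thread;`.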
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
if (rs_nfs_tx_logging_is_filtered(state, nfstx))
return TM_ECODE_OK;
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "nfs", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "nfs", NULL, thread->ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&thread->ctx->cfg, p, f, jb);
jb_open_object(jb, "rpc");
rs_rpc_log_json_response(tx, jb);
-/* Copyright (C) 2019-2020 Open Information Security Foundation
+/* Copyright (C) 2019-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "output-json-rdp.h"
#include "rust.h"
-typedef struct LogRdpFileCtx_ {
- LogFileCtx *file_ctx;
- uint32_t flags;
- OutputJsonCommonSettings cfg;
-} LogRdpFileCtx;
-
-typedef struct LogRdpLogThread_ {
- LogRdpFileCtx *rdplog_ctx;
- LogFileCtx *file_ctx;
- MemBuffer *buffer;
-} LogRdpLogThread;
-
static int JsonRdpLogger(ThreadVars *tv, void *thread_data,
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
- LogRdpLogThread *thread = thread_data;
+ OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "rdp", NULL);
+ JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "rdp", NULL, thread->ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&thread->rdplog_ctx->cfg, p, f, js);
if (!rs_rdp_to_json(tx, js)) {
jb_free(js);
return TM_ECODE_FAILED;
return TM_ECODE_OK;
}
-static void OutputRdpLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogRdpFileCtx *rdplog_ctx = (LogRdpFileCtx *)output_ctx->data;
- SCFree(rdplog_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputRdpLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogRdpFileCtx *rdplog_ctx = SCCalloc(1, sizeof(*rdplog_ctx));
- if (unlikely(rdplog_ctx == NULL)) {
- return result;
- }
- rdplog_ctx->file_ctx = ajt->file_ctx;
- rdplog_ctx->cfg = ajt->cfg;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(rdplog_ctx);
- return result;
- }
- output_ctx->data = rdplog_ctx;
- output_ctx->DeInit = OutputRdpLogDeInitCtxSub;
-
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
-
- SCLogDebug("rdp log sub-module initialized.");
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonRdpLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogRdp. \"initdata\" is NULL.");
- return TM_ECODE_FAILED;
- }
-
- LogRdpLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- thread->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (unlikely(thread->buffer == NULL)) {
- goto error_exit;
- }
-
- thread->rdplog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->rdplog_ctx->file_ctx, t->id);
- if (!thread->file_ctx) {
- goto error_exit;
- }
-
- *data = (void *)thread;
- return TM_ECODE_OK;
-
-error_exit:
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonRdpLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogRdpLogThread *thread = (LogRdpLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_OK;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonRdpLogRegister(void)
{
/* Register as an eve sub-module. */
- OutputRegisterTxSubModule(
- LOGGER_JSON_RDP,
- "eve-log",
- "JsonRdpLog",
- "eve-log.rdp",
- OutputRdpLogInitSub,
- ALPROTO_RDP,
- JsonRdpLogger,
- JsonRdpLogThreadInit,
- JsonRdpLogThreadDeinit,
- NULL
- );
+ OutputRegisterTxSubModule(LOGGER_JSON_RDP, "eve-log", "JsonRdpLog", "eve-log.rdp",
+ OutputRdpLogInitSub, ALPROTO_RDP, JsonRdpLogger, JsonLogThreadInit, JsonLogThreadDeinit,
+ NULL);
SCLogDebug("rdp json logger registered.");
}
-/* Copyright (C) 2020 Open Information Security Foundation
+/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "rust-bindings.h"
-typedef struct LogRFBFileCtx_ {
- LogFileCtx *file_ctx;
- uint32_t flags;
-} LogRFBFileCtx;
-
-typedef struct LogRFBLogThread_ {
- LogRFBFileCtx *rfblog_ctx;
- LogFileCtx *file_ctx;
- MemBuffer *buffer;
-} LogRFBLogThread;
-
bool JsonRFBAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *js)
{
RFBState *state = FlowGetAppState(f);
static int JsonRFBLogger(ThreadVars *tv, void *thread_data,
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
- LogRFBLogThread *thread = thread_data;
+ OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "rfb", NULL);
+ JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "rfb", NULL, thread->ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_FAILED;
}
return TM_ECODE_FAILED;
}
-static void OutputRFBLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogRFBFileCtx *rfblog_ctx = (LogRFBFileCtx *)output_ctx->data;
- SCFree(rfblog_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputRFBLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogRFBFileCtx *rfblog_ctx = SCCalloc(1, sizeof(*rfblog_ctx));
- if (unlikely(rfblog_ctx == NULL)) {
- return result;
- }
- rfblog_ctx->file_ctx = ajt->file_ctx;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(rfblog_ctx);
- return result;
- }
- output_ctx->data = rfblog_ctx;
- output_ctx->DeInit = OutputRFBLogDeInitCtxSub;
-
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonRFBLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogRFB. \"initdata\" is NULL.");
- return TM_ECODE_FAILED;
- }
-
- LogRFBLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- thread->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (unlikely(thread->buffer == NULL)) {
- goto error_exit;
- }
-
- thread->rfblog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->rfblog_ctx->file_ctx, t->id);
- if (!thread->file_ctx) {
- goto error_exit;
- }
- *data = (void *)thread;
-
- return TM_ECODE_OK;
-
-error_exit:
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonRFBLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogRFBLogThread *thread = (LogRFBLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_OK;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonRFBLogRegister(void)
{
/* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_RFB, "eve-log",
- "JsonRFBLog", "eve-log.rfb",
- OutputRFBLogInitSub, ALPROTO_RFB, JsonRFBLogger,
- JsonRFBLogThreadInit, JsonRFBLogThreadDeinit, NULL);
+ OutputRegisterTxSubModule(LOGGER_JSON_RFB, "eve-log", "JsonRFBLog", "eve-log.rfb",
+ OutputRFBLogInitSub, ALPROTO_RFB, JsonRFBLogger, JsonLogThreadInit, JsonLogThreadDeinit,
+ NULL);
}
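Review bot: Passing `thread->ctx` to CreateEveHeader in JsonRFBLogger changes what an rfb event contains, not only how the thread data is typed. The removed LogRFBFileCtx carried no common settings and no EveAddCommonOptions call is removed in this section, so rfb records apparently did not carry the common options before; they will now, because CreateEveHeader adds them whenever the context is non-NULL (output-json.c section of this commit). Consumers that parse EVE records against a fixed schema will see new keys on rfb events, so this deserves a line in the commit message or a comment at the call, e.g. `/* eve ctx given: common options (metadata, community id) are added by the header */`. The smb section makes the same NULL-to-`thread->ctx` switch and may be the same case; the rest of both logger functions is outside the visible lines.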
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "rust.h"
-typedef struct LogSIPFileCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCommonSettings cfg;
-} LogSIPFileCtx;
-
-typedef struct LogSIPLogThread_ {
- LogFileCtx *file_ctx;
- LogSIPFileCtx *siplog_ctx;
- MemBuffer *buffer;
-} LogSIPLogThread;
-
void JsonSIPAddMetadata(JsonBuilder *js, const Flow *f, uint64_t tx_id)
{
SIPState *state = FlowGetAppState(f);
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
SIPTransaction *siptx = tx;
- LogSIPLogThread *thread = thread_data;
+ OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *js = CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "sip", NULL);
+ JsonBuilder *js = CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "sip", NULL, thread->ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_OK;
}
- EveAddCommonOptions(&thread->siplog_ctx->cfg, p, f, js);
if (!rs_sip_log_json(siptx, js)) {
goto error;
return TM_ECODE_FAILED;
}
-static void OutputSIPLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogSIPFileCtx *siplog_ctx = (LogSIPFileCtx *)output_ctx->data;
- SCFree(siplog_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputSIPLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogSIPFileCtx *siplog_ctx = SCCalloc(1, sizeof(*siplog_ctx));
- if (unlikely(siplog_ctx == NULL)) {
- return result;
- }
- siplog_ctx->file_ctx = ajt->file_ctx;
- siplog_ctx->cfg = ajt->cfg;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(siplog_ctx);
- return result;
- }
- output_ctx->data = siplog_ctx;
- output_ctx->DeInit = OutputSIPLogDeInitCtxSub;
-
- SCLogDebug("SIP log sub-module initialized.");
-
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-#define OUTPUT_BUFFER_SIZE 65535
-
-static TmEcode JsonSIPLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- LogSIPLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogSIP. \"initdata\" is NULL.");
- goto error_exit;
- }
-
- thread->buffer = MemBufferCreateNew(OUTPUT_BUFFER_SIZE);
- if (unlikely(thread->buffer == NULL)) {
- goto error_exit;
- }
-
- thread->siplog_ctx = ((OutputCtx *)initdata)->data;
-
- thread->file_ctx = LogFileEnsureExists(thread->siplog_ctx->file_ctx, t->id);
- if (!thread->file_ctx) {
- goto error_exit;
- }
- *data = (void *)thread;
-
- return TM_ECODE_OK;
-
-error_exit:
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonSIPLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogSIPLogThread *thread = (LogSIPLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_OK;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonSIPLogRegister(void)
{
/* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_SIP, "eve-log", "JsonSIPLog",
- "eve-log.sip", OutputSIPLogInitSub, ALPROTO_SIP,
- JsonSIPLogger, JsonSIPLogThreadInit,
- JsonSIPLogThreadDeinit, NULL);
+ OutputRegisterTxSubModule(LOGGER_JSON_SIP, "eve-log", "JsonSIPLog", "eve-log.sip",
+ OutputSIPLogInitSub, ALPROTO_SIP, JsonSIPLogger, JsonLogThreadInit, JsonLogThreadDeinit,
+ NULL);
SCLogDebug("SIP JSON logger registered.");
}
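Review bot: The new CreateEveHeader call in the SIP logger still casts its first argument with `(Packet *)p`, which discards the const qualifier for no benefit, since the prototype updated in this commit takes `const Packet *p`. Dropping the cast lets the compiler flag any later write through that pointer: `JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "sip", NULL, thread->ctx);`. The logger's first line and its tail are outside the visible lines.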
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
{
OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "smb", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_FLOW, "smb", NULL, thread->ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED;
}
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "rust.h"
-typedef struct LogSNMPFileCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCommonSettings cfg;
-} LogSNMPFileCtx;
-
-typedef struct LogSNMPLogThread_ {
- LogFileCtx *file_ctx;
- LogSNMPFileCtx *snmplog_ctx;
- MemBuffer *buffer;
-} LogSNMPLogThread;
-
static int JsonSNMPLogger(ThreadVars *tv, void *thread_data,
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
SNMPTransaction *snmptx = tx;
- LogSNMPLogThread *thread = thread_data;
+ OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "snmp", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "snmp", NULL, thread->ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED;
}
- EveAddCommonOptions(&thread->snmplog_ctx->cfg, p, f, jb);
-
jb_open_object(jb, "snmp");
if (!rs_snmp_log_json_response(jb, state, snmptx)) {
goto error;
return TM_ECODE_FAILED;
}
-static void OutputSNMPLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogSNMPFileCtx *snmplog_ctx = (LogSNMPFileCtx *)output_ctx->data;
- SCFree(snmplog_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputSNMPLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogSNMPFileCtx *snmplog_ctx = SCCalloc(1, sizeof(*snmplog_ctx));
- if (unlikely(snmplog_ctx == NULL)) {
- return result;
- }
- snmplog_ctx->file_ctx = ajt->file_ctx;
- snmplog_ctx->cfg = ajt->cfg;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(snmplog_ctx);
- return result;
- }
- output_ctx->data = snmplog_ctx;
- output_ctx->DeInit = OutputSNMPLogDeInitCtxSub;
-
- SCLogDebug("SNMP log sub-module initialized.");
-
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonSNMPLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- LogSNMPLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogSNMP. \"initdata\" is NULL.");
- goto error_exit;
- }
-
- thread->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (unlikely(thread->buffer == NULL)) {
- goto error_exit;
- }
-
- thread->snmplog_ctx = ((OutputCtx *)initdata)->data;
-
- thread->file_ctx = LogFileEnsureExists(thread->snmplog_ctx->file_ctx, t->id);
- if (!thread->file_ctx) {
- goto error_exit;
- }
-
- *data = (void *)thread;
- return TM_ECODE_OK;
-
-error_exit:
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonSNMPLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogSNMPLogThread *thread = (LogSNMPLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_OK;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonSNMPLogRegister(void)
{
/* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_SNMP, "eve-log", "JsonSNMPLog",
- "eve-log.snmp", OutputSNMPLogInitSub, ALPROTO_SNMP,
- JsonSNMPLogger, JsonSNMPLogThreadInit,
- JsonSNMPLogThreadDeinit, NULL);
+ OutputRegisterTxSubModule(LOGGER_JSON_SNMP, "eve-log", "JsonSNMPLog", "eve-log.snmp",
+ OutputSNMPLogInitSub, ALPROTO_SNMP, JsonSNMPLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
SCLogDebug("SNMP JSON logger registered.");
}
-/* Copyright (C) 2014-2020 Open Information Security Foundation
+/* Copyright (C) 2014-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define MODULE_NAME "LogSshLog"
-typedef struct OutputSshCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCommonSettings cfg;
-} OutputSshCtx;
-
-
-typedef struct JsonSshLogThread_ {
- OutputSshCtx *sshlog_ctx;
- LogFileCtx *file_ctx;
- MemBuffer *buffer;
-} JsonSshLogThread;
-
-
static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p,
Flow *f, void *state, void *txptr, uint64_t tx_id)
{
- JsonSshLogThread *aft = (JsonSshLogThread *)thread_data;
- OutputSshCtx *ssh_ctx = aft->sshlog_ctx;
+ OutputJsonThreadCtx *thread = thread_data;
if (unlikely(state == NULL)) {
return 0;
if (unlikely(js == NULL))
return 0;
- EveAddCommonOptions(&ssh_ctx->cfg, p, f, js);
+ EveAddCommonOptions(&thread->ctx->cfg, p, f, js);
/* reset */
- MemBufferReset(aft->buffer);
+ MemBufferReset(thread->buffer);
jb_open_object(js, "ssh");
if (!rs_ssh_log_json(txptr, js)) {
goto end;
}
jb_close(js);
- OutputJsonBuilderBuffer(js, aft->file_ctx, &aft->buffer);
+ OutputJsonBuilderBuffer(js, thread->file_ctx, &thread->buffer);
end:
jb_free(js);
return 0;
}
-static TmEcode JsonSshLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogSSH. \"initdata\" argument NULL");
- return TM_ECODE_FAILED;
- }
-
- JsonSshLogThread *aft = SCCalloc(1, sizeof(JsonSshLogThread));
- if (unlikely(aft == NULL))
- return TM_ECODE_FAILED;
-
- /* Use the Output Context (file pointer and mutex) */
- aft->sshlog_ctx = ((OutputCtx *)initdata)->data;
-
- aft->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (aft->buffer == NULL) {
- goto error_exit;
- }
-
- aft->file_ctx = LogFileEnsureExists(aft->sshlog_ctx->file_ctx, t->id);
- if (!aft->file_ctx) {
- goto error_exit;
- }
-
- *data = (void *)aft;
- return TM_ECODE_OK;
-
-error_exit:
- if (aft->buffer != NULL) {
- MemBufferFree(aft->buffer);
- }
- SCFree(aft);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonSshLogThreadDeinit(ThreadVars *t, void *data)
-{
- JsonSshLogThread *aft = (JsonSshLogThread *)data;
- if (aft == NULL) {
- return TM_ECODE_OK;
- }
-
- MemBufferFree(aft->buffer);
- /* clear memory */
- memset(aft, 0, sizeof(JsonSshLogThread));
-
- SCFree(aft);
- return TM_ECODE_OK;
-}
-
-static void OutputSshLogDeinitSub(OutputCtx *output_ctx)
-{
- OutputSshCtx *ssh_ctx = output_ctx->data;
- SCFree(ssh_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputSshLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ojc = parent_ctx->data;
-
- OutputSshCtx *ssh_ctx = SCMalloc(sizeof(OutputSshCtx));
- if (unlikely(ssh_ctx == NULL))
- return result;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(ssh_ctx);
- return result;
- }
-
- ssh_ctx->file_ctx = ojc->file_ctx;
- ssh_ctx->cfg = ojc->cfg;
-
- output_ctx->data = ssh_ctx;
- output_ctx->DeInit = OutputSshLogDeinitSub;
-
AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonSshLogRegister (void)
{
/* register as child of eve-log */
- OutputRegisterTxSubModuleWithCondition(LOGGER_JSON_SSH,
- "eve-log", "JsonSshLog", "eve-log.ssh",
- OutputSshLogInitSub, ALPROTO_SSH, JsonSshLogger,
- SSHTxLogCondition, JsonSshLogThreadInit, JsonSshLogThreadDeinit, NULL);
+ OutputRegisterTxSubModuleWithCondition(LOGGER_JSON_SSH, "eve-log", "JsonSshLog", "eve-log.ssh",
+ OutputSshLogInitSub, ALPROTO_SSH, JsonSshLogger, SSHTxLogCondition, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
}
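Review bot: JsonSshLogger keeps an explicit `EveAddCommonOptions(&thread->ctx->cfg, p, f, js);` while the other loggers in this commit drop theirs and rely on CreateEveHeader, and nothing at the call says why. The line that creates `js` is outside the visible lines; if it uses CreateEveHeaderWithTxId, which passes NULL for the context, the explicit call is required and a comment should say so, e.g. `/* header is created without the eve ctx, so add the common options here */`. Without that comment, a later switch to a context-aware header helper would run EveAddCommonOptions twice on the same builder and would likely emit the common keys twice in one record.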
-/* Copyright (C) 2018-2020 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "rust.h"
typedef struct LogTemplateFileCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags;
+ OutputJsonCtx *eve_ctx;
} LogTemplateFileCtx;
typedef struct LogTemplateLogThread_ {
SCLogNotice("JsonTemplateLogger");
LogTemplateLogThread *thread = thread_data;
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "template-rust", NULL);
+ JsonBuilder *js = CreateEveHeader(
+ p, LOG_DIR_PACKET, "template-rust", NULL, thread->templatelog_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_FAILED;
}
if (unlikely(templatelog_ctx == NULL)) {
return result;
}
- templatelog_ctx->file_ctx = ajt->file_ctx;
+ templatelog_ctx->eve_ctx = ajt;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->templatelog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->templatelog_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->templatelog_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
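Review bot: `templatelog_ctx->eve_ctx = ajt;` makes LogTemplateFileCtx hold a pointer to the whole parent context, and the new struct field carries no comment on who owns it. The old struct already borrowed `file_ctx`; the new field widens that to everything in the parent, so I would document it at the declaration: `OutputJsonCtx *eve_ctx; /* borrowed from the parent eve-log output, never freed here */`. It is also worth confirming that the sub-module's DeInit (outside the visible lines) frees only `templatelog_ctx`, and that the parent context outlives the logger threads that dereference `eve_ctx->file_ctx`. The same applies to the second template logger's section and to `tls_ctx->eve_ctx = ojc;` in the TLS section.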
-/* Copyright (C) 2015-2020 Open Information Security Foundation
+/* Copyright (C) 2015-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "output-json-template.h"
typedef struct LogTemplateFileCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags;
+ OutputJsonCtx *eve_ctx;
} LogTemplateFileCtx;
typedef struct LogTemplateLogThread_ {
SCLogNotice("Logging template transaction %"PRIu64".", templatetx->tx_id);
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "template", NULL);
+ JsonBuilder *js =
+ CreateEveHeader(p, LOG_DIR_PACKET, "template", NULL, thread->templatelog_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return TM_ECODE_FAILED;
}
if (unlikely(templatelog_ctx == NULL)) {
return result;
}
- templatelog_ctx->file_ctx = ajt->file_ctx;
+ templatelog_ctx->eve_ctx = ajt;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->templatelog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->templatelog_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->templatelog_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
-/* Copyright (C) 2020 Open Information Security Foundation
+/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "rust.h"
-typedef struct LogTFTPFileCtx_ {
- LogFileCtx *file_ctx;
- uint32_t flags;
- OutputJsonCommonSettings cfg;
-} LogTFTPFileCtx;
-
-typedef struct LogTFTPLogThread_ {
- LogFileCtx *file_ctx;
- LogTFTPFileCtx *tftplog_ctx;
- MemBuffer *buffer;
-} LogTFTPLogThread;
-
static int JsonTFTPLogger(ThreadVars *tv, void *thread_data,
const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
- LogTFTPLogThread *thread = thread_data;
+ OutputJsonThreadCtx *thread = thread_data;
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "tftp", NULL);
+ JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "tftp", NULL, thread->ctx);
if (unlikely(jb == NULL)) {
return TM_ECODE_FAILED;
}
}
jb_close(jb);
- EveAddCommonOptions(&thread->tftplog_ctx->cfg, p, f, jb);
MemBufferReset(thread->buffer);
OutputJsonBuilderBuffer(jb, thread->file_ctx, &thread->buffer);
return TM_ECODE_FAILED;
}
-static void OutputTFTPLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogTFTPFileCtx *tftplog_ctx = (LogTFTPFileCtx *)output_ctx->data;
- SCFree(tftplog_ctx);
- SCFree(output_ctx);
-}
-
static OutputInitResult OutputTFTPLogInitSub(ConfNode *conf,
OutputCtx *parent_ctx)
{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogTFTPFileCtx *tftplog_ctx = SCCalloc(1, sizeof(*tftplog_ctx));
- if (unlikely(tftplog_ctx == NULL)) {
- return result;
- }
- tftplog_ctx->file_ctx = ajt->file_ctx;
- tftplog_ctx->cfg = ajt->cfg;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(tftplog_ctx);
- return result;
- }
- output_ctx->data = tftplog_ctx;
- output_ctx->DeInit = OutputTFTPLogDeInitCtxSub;
-
- SCLogDebug("TFTP log sub-module initialized.");
-
AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonTFTPLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- LogTFTPLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogTFTP. \"initdata\" is NULL.");
- goto error_exit;
- }
-
- thread->buffer = MemBufferCreateNew(JSON_OUTPUT_BUFFER_SIZE);
- if (unlikely(thread->buffer == NULL)) {
- goto error_exit;
- }
-
- thread->tftplog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->tftplog_ctx->file_ctx, t->id);
- if (!thread->file_ctx) {
- goto error_exit;
- }
- *data = (void *)thread;
-
- return TM_ECODE_OK;
-
-error_exit:
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonTFTPLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogTFTPLogThread *thread = (LogTFTPLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- if (thread->buffer != NULL) {
- MemBufferFree(thread->buffer);
- }
- SCFree(thread);
- return TM_ECODE_OK;
+ return OutputJsonLogInitSub(conf, parent_ctx);
}
void JsonTFTPLogRegister(void)
{
/* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TFTP, "eve-log", "JsonTFTPLog",
- "eve-log.tftp", OutputTFTPLogInitSub,
- ALPROTO_TFTP, JsonTFTPLogger,
- JsonTFTPLogThreadInit, JsonTFTPLogThreadDeinit,
- NULL);
+ OutputRegisterTxSubModule(LOGGER_JSON_TFTP, "eve-log", "JsonTFTPLog", "eve-log.tftp",
+ OutputTFTPLogInitSub, ALPROTO_TFTP, JsonTFTPLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
SCLogDebug("TFTP JSON logger registered.");
}
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
};
typedef struct OutputTlsCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags; /** Store mode */
uint64_t fields; /** Store fields */
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} OutputTlsCtx;
return 0;
}
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "tls", NULL);
+ JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "tls", NULL, aft->tlslog_ctx->eve_ctx);
if (unlikely(js == NULL)) {
return 0;
}
- EveAddCommonOptions(&tls_ctx->cfg, p, f, js);
-
jb_open_object(js, "tls");
/* reset */
/* use the Output Context (file pointer and mutex) */
aft->tlslog_ctx = ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(aft->tlslog_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->tlslog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
return result;
}
- tls_ctx->file_ctx = ojc->file_ctx;
- tls_ctx->cfg = ojc->cfg;
+ tls_ctx->eve_ctx = ojc;
if ((tls_ctx->fields & LOG_TLS_FIELD_CERTIFICATE) &&
(tls_ctx->fields & LOG_TLS_FIELD_CHAIN)) {
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
}
}
-static void EveAddMetadata(const Packet *p, const Flow *f, JsonBuilder *js)
+void EveAddMetadata(const Packet *p, const Flow *f, JsonBuilder *js)
{
if ((p && p->pktvar) || (f && f->flowvar)) {
JsonBuilder *js_vars = jb_new_object();
}
JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
- const char *event_type, JsonAddrInfo *addr)
+ const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx)
{
char timebuf[64];
const Flow *f = (const Flow *)p->flow;
break;
}
+ if (eve_ctx != NULL) {
+ EveAddCommonOptions(&eve_ctx->cfg, p, f, js);
+ }
+
return js;
}
JsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, uint64_t tx_id)
{
- JsonBuilder *js = CreateEveHeader(p, dir, event_type, addr);
+ JsonBuilder *js = CreateEveHeader(p, dir, event_type, addr, NULL);
if (unlikely(js == NULL))
return NULL;
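Review bot: CreateEveHeader only reads the new `eve_ctx` argument (`&eve_ctx->cfg` is handed to EveAddCommonOptions, which takes a const pointer), so the parameter can be `const OutputJsonCtx *eve_ctx` in the definition and in the output-json.h prototype. The function also needs a doc comment for the new contract: NULL is allowed and means no common options are added, and a caller that passes a context must not call EveAddCommonOptions again on the same builder. CreateEveHeaderWithTxId passes NULL, so its callers still have to add the common options themselves; either state that in its comment or give it the same parameter. Both function bodies continue outside the visible lines.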
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
size_t expand_by; /**< expand by this size */
} OutputJSONMemBufferWrapper;
-int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
-
-void CreateEveFlowId(JsonBuilder *js, const Flow *f);
-void EveFileInfo(JsonBuilder *js, const File *file, const bool stored);
-void EveTcpFlags(uint8_t flags, JsonBuilder *js);
-void EvePacket(const Packet *p, JsonBuilder *js, unsigned long max_length);
-JsonBuilder *CreateEveHeader(const Packet *p,
- enum OutputJsonLogDirection dir, const char *event_type,
- JsonAddrInfo *addr);
-JsonBuilder *CreateEveHeaderWithTxId(const Packet *p,
- enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr,
- uint64_t tx_id);
-int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
-int OutputJsonBuilderBuffer(JsonBuilder *js, LogFileCtx *file_ctx, MemBuffer **buffer);
-OutputInitResult OutputJsonInitCtx(ConfNode *);
-
-OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
-TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
-TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
-
typedef struct OutputJsonCommonSettings_ {
bool include_metadata;
bool include_community_id;
json_t *SCJsonString(const char *val);
+void CreateEveFlowId(JsonBuilder *js, const Flow *f);
+void EveFileInfo(JsonBuilder *js, const File *file, const bool stored);
+void EveTcpFlags(uint8_t flags, JsonBuilder *js);
+void EvePacket(const Packet *p, JsonBuilder *js, unsigned long max_length);
+JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
+ const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx);
+JsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
+ const char *event_type, JsonAddrInfo *addr, uint64_t tx_id);
+int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
+int OutputJsonBuilderBuffer(JsonBuilder *js, LogFileCtx *file_ctx, MemBuffer **buffer);
+OutputInitResult OutputJsonInitCtx(ConfNode *);
+
+OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
+TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
+TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
+
void EveAddCommonOptions(const OutputJsonCommonSettings *cfg,
const Packet *p, const Flow *f, JsonBuilder *js);
+void EveAddMetadata(const Packet *p, const Flow *f, JsonBuilder *js);
+
+int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
#endif /* __OUTPUT_JSON_H__ */