context->print_file_name(ss);
std::string file_name = ss.str();
- PacketTracer::daq_log("file+%" PRId64"++File Type[%s]/File ID[%lu] with name[%s] and size[%lu] detected."
- "File SHA is [%s], with verdict[%s]$",
+ PacketTracer::daq_log("file+%" PRId64"+Matched policy id %u, identification %s, signature %s, capture %s+"
+ "File with ID %lu, name %s, type %s, size %lu, SHA %s detected. Verdict %s.$",
TO_NSECS(pt_timer->get()),
- file_type_name(context->get_file_type()).c_str(),
+ context->get_policy_id(),
+ ((context->is_file_type_enabled() || context->get_file_type() || context->get_file_sig_sha256()) ? "<on>" : "<off>"),
+ ((context->is_file_signature_enabled() || context->get_file_sig_sha256()) ? "<on>" : "<off>"),
+ (context->is_file_capture_enabled() ? "<on>" : "<off>"),
context->get_file_id(),
- file_name.c_str(),
+ (file_name.empty() ? "<empty>" : file_name.c_str()),
+ file_type_name(context->get_file_type()).c_str(),
context->get_file_size(),
- (context->get_file_sig_sha256() ? context->sha_to_string(context->get_file_sig_sha256()).c_str(): "null"),
+ (context->get_file_sig_sha256() ? context->sha_to_string(context->get_file_sig_sha256()).c_str(): "<empty>"),
VerdictName[context->verdict].c_str());
}
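Review bot: The file name comes from inspected traffic and is written into what appears to be a `+`-delimited, `$`-terminated trace record, so a name containing either character can shift or cut short the fields a consumer parses from this line. The new layout makes this matter more, because the name now sits in front of the type, size, SHA and verdict fields. Unless `print_file_name` already escapes those characters (not visible here), neutralise them before formatting, e.g. `std::replace(file_name.begin(), file_name.end(), '+', '_');` and the same for `'$'`. The enclosing function starts outside this hunk.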
bool is_file_signature_enabled();
void config_file_capture(bool enabled);
bool is_file_capture_enabled();
+ void set_policy_id(uint32_t id);
+ uint32_t get_policy_id();
// Preserve the file in memory until it is released
// The file reserved will be returned and it will be detached from file context/session
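Review bot: `policy_id` defaults to 0 with no documented meaning, yet the trace message in the logging hunk prints it as "Matched policy id %u" and the policy hunk hard-codes `file->set_policy_id(0);`. Someone reading the trace cannot tell "no policy matched" from a real policy whose id is 0. State the sentinel next to the accessors, e.g. `// Id of the file policy applied to this file; 0 = none/default (confirm)`. The getter could also be declared `uint32_t get_policy_id() const;`, since it presumably only reads the member. The class body continues outside this hunk.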
bool file_signature_enabled = false;
bool file_capture_enabled = false;
FileState file_state = { FILE_CAPTURE_SUCCESS, FILE_SIG_PROCESSING };
+ uint32_t policy_id = 0;
private:
void copy(const FileInfo& other);
file->config_file_type(type_enabled);
file->config_file_signature(signature_enabled);
file->config_file_capture(capture_enabled);
+ file->set_policy_id(0);
}
FileVerdict FilePolicy::type_lookup(Packet*, FileInfo* file)