#ifdef HAVE_LIBJANSSON
-#define LOG_JSON_PAYLOAD 1
-#define LOG_JSON_PACKET 2
-#define LOG_JSON_PAYLOAD_BASE64 4
-#define LOG_JSON_HTTP 8
-#define LOG_JSON_TLS 16
-#define LOG_JSON_SSH 32
-#define LOG_JSON_SMTP 64
+#define LOG_JSON_PAYLOAD 0x01
+#define LOG_JSON_PACKET 0x02
+#define LOG_JSON_PAYLOAD_BASE64 0x04
+#define LOG_JSON_HTTP 0x08
+#define LOG_JSON_TLS 0x10
+#define LOG_JSON_SSH 0x20
+#define LOG_JSON_SMTP 0x40
+#define LOG_JSON_TAGGED_PACKETS 0x80
#define JSON_STREAM_BUFFER_SIZE 4096
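Review bot: `LOG_JSON_TAGGED_PACKETS 0x80` occupies the highest bit of an 8-bit value, and the declaration of `json_output_ctx->flags` is not visible in this hunk. If that field is 8 bits wide, this is the last flag that fits and the next one added would be dropped on assignment, so confirm the width or widen the field now. A one-line comment above the block would record the constraint, for example `/* Bit flags for the alert JSON output context; must fit the width of its flags field. */`.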
json_object_clear(js);
json_decref(js);
- if (p->flags & PKT_HAS_TAG) {
+ if ((p->flags & PKT_HAS_TAG) && (json_output_ctx->flags &
+ LOG_JSON_TAGGED_PACKETS)) {
MemBufferReset(aft->json_buffer);
json_t *packetjs = CreateJSONHeader((Packet *)p, 0, "packet");
if (unlikely(packetjs != NULL)) {
const char *tls = ConfNodeLookupChildValue(conf, "tls");
const char *ssh = ConfNodeLookupChildValue(conf, "ssh");
const char *smtp = ConfNodeLookupChildValue(conf, "smtp");
+ const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");
if (ssh != NULL) {
if (ConfValIsTrue(ssh)) {
json_output_ctx->flags |= LOG_JSON_PACKET;
}
}
+ if (tagged_packets != NULL) {
+ if (ConfValIsTrue(tagged_packets)) {
+ json_output_ctx->flags |= LOG_JSON_TAGGED_PACKETS;
+ }
+ }
json_output_ctx->payload_buffer_size = payload_buffer_size;
HttpXFFGetCfg(conf, xff_cfg);
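Review bot: With the `tagged_packets != NULL` guard, a configuration that has no `tagged-packets` key leaves `LOG_JSON_TAGGED_PACKETS` unset, so the new `PKT_HAS_TAG` check in the logging hunk stops emitting tagged packets that were logged unconditionally before this commit. An installation upgraded with its existing configuration would lose that output for rules using `tag` without any warning, which is a loss of detection visibility. Treating an absent key as enabled keeps the old behaviour: `if (tagged_packets == NULL || ConfValIsTrue(tagged_packets)) {`. The enclosing function and any surrounding check on `conf` are outside the hunk, so the missing-config-node path needs the same look; if defaulting to off is intended, the comment added to the sample YAML should say so.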
ssh: yes # enable dumping of ssh fields
smtp: yes # enable dumping of smtp fields
+ # Enable the logging of tagged packets for rules using the
+ # "tag" keyword.
+ tagged-packets: yes
+
# HTTP X-Forwarded-For support by adding an extra field or overwriting
# the source or destination IP address (depending on flow direction)
# with the one reported in the X-Forwarded-For HTTP header. This is