pub fn AppLayerParserStateIssetFlag(state: *mut c_void, flag: u16) -> u16;
pub fn AppLayerParserSetStreamDepth(ipproto: u8, alproto: AppProto, stream_depth: u32);
pub fn AppLayerParserConfParserEnabled(ipproto: *const c_char, proto: *const c_char) -> c_int;
+ pub fn AppLayerParserRegisterLogger(pproto: u8, alproto: AppProto);
}
#[repr(C)]
SCLogError!("Invalid value for template.max-tx");
}
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
SCLogNotice!("Rust template parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for TEMPLATE.");
{
SCLogDebug!("Failed to register protocol detection pattern for direction TOCLIENT");
}
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT);
SCLogDebug!("Parser registered for bittorrent-dht.");
} else {
SCLogError!("Invalid value for http2.max-reassembly-size");
}
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
SCLogDebug!("Rust http2 parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for HTTP2.");
use asn1_rs::FromDer;
use crate::applayer::{self, *};
use crate::core;
-use crate::core::{AppProto,Flow,ALPROTO_FAILED,ALPROTO_UNKNOWN,Direction};
+use crate::core::{AppProto,Flow,ALPROTO_FAILED,ALPROTO_UNKNOWN,Direction, IPPROTO_TCP, IPPROTO_UDP};
#[derive(AppLayerEvent)]
pub enum KRB5Event {
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
} else {
SCLogDebug!("Protocol detector and parser disabled for KRB5/UDP.");
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
} else {
SCLogDebug!("Protocol detector and parser disabled for KRB5/TCP.");
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS);
}
}
let _ = AppLayerRegisterParser(&parser, alproto);
}
SCLogDebug!("Rust quic parser registered.");
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC);
} else {
SCLogDebug!("Protocol detector and parser disabled for quic.");
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
}
}
let _ = AppLayerRegisterParser(&parser, alproto);
}
SCLogDebug!("Rust rfb parser registered.");
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
} else {
SCLogDebug!("Protocol detector and parser disabled for RFB.");
}
use crate::applayer::{self, *};
use crate::core;
-use crate::core::{AppProto, ALPROTO_UNKNOWN};
+use crate::core::{AppProto, ALPROTO_UNKNOWN, IPPROTO_TCP, IPPROTO_UDP};
use crate::frames::*;
use crate::sip::parser::*;
use nom7::Err;
if register_pattern_probe(core::IPPROTO_UDP) < 0 {
return;
}
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
} else {
SCLogDebug!("Protocol detection and parsing disabled for UDP SIP.");
}
if register_pattern_probe(core::IPPROTO_TCP) < 0 {
return;
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP);
} else {
SCLogDebug!("Protocol detection and parsing disabled for TCP SIP.");
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
} else {
SCLogDebug!("Protocol detector and parser disabled for SNMP.");
}
if AppLayerParserConfParserEnabled(ip_proto_str.as_ptr(), parser.name) != 0 {
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
SCLogDebug!("Rust ssh parser registered.");
} else {
SCLogNotice!("Protocol detector and parser disabled for SSH.");
output = io.StringIO()
inlines = open(filename).readlines()
for i, line in enumerate(inlines):
- if line.find("ALPROTO_TEMPLATE") > -1:
- new_line = line.replace("TEMPLATE", proto.upper()).replace(
- "template", proto.lower())
- output.write(new_line)
- if line.find("output-json-template.h") > -1:
- output.write(line.replace("template", proto.lower()))
if line.find("/* Template JSON logger.") > -1:
output.write(inlines[i].replace("Template", proto))
output.write(inlines[i+1].replace("Template", proto))
+ output.write(inlines[i+2].replace("TEMPLATE", proto.upper()).replace(
+ "template", proto.lower()).replace("Template", proto))
+ output.write(inlines[i+3])
+ if line.find("rs_template_logger_log") > -1:
+ output.write(inlines[i].replace("TEMPLATE", proto.upper()).replace(
+ "template", proto.lower()))
+ if line.find("OutputTemplateLogInitSub(") > -1:
+ output.write(inlines[i].replace("Template", proto))
+ output.write(inlines[i+1])
+ output.write(inlines[i+2].replace("TEMPLATE", proto.upper()))
+ output.write(inlines[i+3])
+ output.write(inlines[i+4])
output.write(line)
open(filename, "w").write(output.getvalue())
lower = proto.lower()
pairs = (
- ("src/output-json-template.h",
- "src/output-json-%s.h" % (lower)),
- ("src/output-json-template.c",
- "src/output-json-%s.c" % (lower)),
("rust/src/applayertemplate/logger.rs",
"rust/src/applayer%s/logger.rs" % (lower)),
)
common_copy_templates(proto, pairs)
-def logger_patch_makefile_am(protoname):
- filename = "src/Makefile.am"
- print("Patching %s." % (filename))
- output = io.StringIO()
- with open(filename) as infile:
- for line in infile:
- if line.lstrip().startswith("output-json-template."):
- output.write(line.replace("template", protoname.lower()))
- output.write(line)
- open(filename, "w").write(output.getvalue())
-
def detect_copy_templates(proto, buffername):
lower = proto.lower()
raise SetupError("no app-layer parser exists for %s" % (proto))
logger_copy_templates(proto)
patch_rust_applayer_mod_rs(proto)
- logger_patch_makefile_am(proto)
logger_patch_output_c(proto)
logger_patch_suricata_yaml_in(proto)
output.h \
output-json-alert.h \
output-json-anomaly.h \
- output-json-bittorrent-dht.h \
output-json-dcerpc.h \
output-json-dhcp.h \
output-json-dnp3.h \
output-json-frame.h \
output-json-ftp.h \
output-json.h \
- output-json-http2.h \
output-json-http.h \
output-json-ike.h \
- output-json-krb5.h \
output-json-metadata.h \
- output-json-modbus.h \
- output-json-quic.h \
output-json-mqtt.h \
output-json-netflow.h \
output-json-nfs.h \
output-json-pgsql.h \
- output-json-rdp.h \
- output-json-rfb.h \
- output-json-sip.h \
output-json-smb.h \
output-json-smtp.h \
- output-json-snmp.h \
- output-json-ssh.h \
output-json-stats.h \
- output-json-template.h \
- output-json-tftp.h \
output-json-tls.h \
output-eve-syslog.h \
output-lua.h \
output-flow.c \
output-json-alert.c \
output-json-anomaly.c \
- output-json-bittorrent-dht.c \
output-json.c \
output-json-common.c \
output-json-dcerpc.c \
output-json-flow.c \
output-json-frame.c \
output-json-ftp.c \
- output-json-http2.c \
output-json-http.c \
output-json-ike.c \
- output-json-krb5.c \
output-json-metadata.c \
- output-json-modbus.c \
- output-json-quic.c \
output-json-mqtt.c \
output-json-netflow.c \
output-json-nfs.c \
output-json-pgsql.c \
- output-json-rdp.c \
- output-json-rfb.c \
- output-json-sip.c \
output-json-smb.c \
output-json-smtp.c \
- output-json-snmp.c \
- output-json-ssh.c \
output-json-stats.c \
- output-json-template.c \
- output-json-tftp.c \
output-json-tls.c \
output-eve.c \
output-eve-syslog.c \
AppLayerParserRegisterGetEventInfo(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info);
AppLayerParserRegisterGetEventInfoById(IPPROTO_TCP, ALPROTO_FTP, ftp_get_event_info_by_id);
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP);
+ AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA);
+
sbcfg.buf_size = 4096;
sbcfg.Calloc = FTPCalloc;
sbcfg.Realloc = FTPRealloc;
TFTPProbingParser);
}
}
+ AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
} else {
SCLogDebug("Protocol detector and parser disabled for TFTP.");
return;
#include "output-json-nfs.h"
#include "output-json-smb.h"
#include "output-json-flow.h"
-#include "output-json-sip.h"
-#include "output-json-rfb.h"
#include "output-json-mqtt.h"
#include "output-json-ike.h"
-#include "output-json-modbus.h"
#include "output-json-frame.h"
-#include "output-json-quic.h"
#include "util-print.h"
#include "util-optimize.h"
+++ /dev/null
-/* Copyright (C) 2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * Implement JSON/eve logging app-layer BitTorrent DHT.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "output-json-bittorrent-dht.h"
-#include "rust.h"
-
-typedef struct LogBitTorrentDHTFileCtx_ {
- uint32_t flags;
- OutputJsonCtx *eve_ctx;
-} LogBitTorrentDHTFileCtx;
-
-typedef struct LogBitTorrentDHTLogThread_ {
- LogBitTorrentDHTFileCtx *bittorrent_dht_log_ctx;
- OutputJsonThreadCtx *ctx;
-} LogBitTorrentDHTLogThread;
-
-static int JsonBitTorrentDHTLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
- void *state, void *tx, uint64_t tx_id)
-{
- LogBitTorrentDHTLogThread *thread = thread_data;
-
- JsonBuilder *js = CreateEveHeader(
- p, LOG_DIR_PACKET, "bittorrent_dht", NULL, thread->bittorrent_dht_log_ctx->eve_ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (!rs_bittorrent_dht_logger_log(tx, js)) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(js, thread->ctx);
- jb_free(js);
-
- return TM_ECODE_OK;
-
-error:
- jb_free(js);
- return TM_ECODE_FAILED;
-}
-
-static void OutputBitTorrentDHTLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogBitTorrentDHTFileCtx *bittorrent_dht_log_ctx = (LogBitTorrentDHTFileCtx *)output_ctx->data;
- SCFree(bittorrent_dht_log_ctx);
- SCFree(output_ctx);
-}
-
-static OutputInitResult OutputBitTorrentDHTLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogBitTorrentDHTFileCtx *bittorrent_dht_log_ctx = SCCalloc(1, sizeof(*bittorrent_dht_log_ctx));
- if (unlikely(bittorrent_dht_log_ctx == NULL)) {
- return result;
- }
- bittorrent_dht_log_ctx->eve_ctx = ajt;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(bittorrent_dht_log_ctx);
- return result;
- }
- output_ctx->data = bittorrent_dht_log_ctx;
- output_ctx->DeInit = OutputBitTorrentDHTLogDeInitCtxSub;
-
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_BITTORRENT_DHT);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonBitTorrentDHTLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- LogBitTorrentDHTLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogBitTorrentDHT. \"initdata\" is NULL.");
- goto error_exit;
- }
-
- thread->bittorrent_dht_log_ctx = ((OutputCtx *)initdata)->data;
- thread->ctx = CreateEveThreadCtx(t, thread->bittorrent_dht_log_ctx->eve_ctx);
- if (!thread->ctx) {
- goto error_exit;
- }
- *data = (void *)thread;
-
- return TM_ECODE_OK;
-
-error_exit:
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonBitTorrentDHTLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogBitTorrentDHTLogThread *thread = (LogBitTorrentDHTLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- FreeEveThreadCtx(thread->ctx);
- SCFree(thread);
- return TM_ECODE_OK;
-}
-
-void JsonBitTorrentDHTLogRegister(void)
-{
- if (ConfGetNode("app-layer.protocols.bittorrent-dht") == NULL) {
- return;
- }
-
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonBitTorrentDHTLog",
- "eve-log.bittorrent-dht", OutputBitTorrentDHTLogInitSub, ALPROTO_BITTORRENT_DHT,
- JsonBitTorrentDHTLogger, JsonBitTorrentDHTLogThreadInit,
- JsonBitTorrentDHTLogThreadDeinit, NULL);
-}
+++ /dev/null
-/* Copyright (C) 2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- */
-
-#ifndef SURICATA_OUTPUT_JSON_BITTORRENT_DHT_H
-#define SURICATA_OUTPUT_JSON_BITTORRENT_DHT_H
-
-void JsonBitTorrentDHTLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_BITTORRENT_DHT_H */
#include "output-json-email-common.h"
#include "output-json-nfs.h"
#include "output-json-smb.h"
-#include "output-json-http2.h"
#include "app-layer-htp.h"
#include "app-layer-htp-xff.h"
jb_close(jb);
return true;
}
-
-
-static int JsonFTPLogger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id)
-{
- SCEnter();
- OutputJsonThreadCtx *thread = thread_data;
-
- const char *event_type;
- if (f->alproto == ALPROTO_FTPDATA) {
- event_type = "ftp_data";
- } else {
- event_type = "ftp";
- }
-
- JsonBuilder *jb =
- CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, event_type, NULL, tx_id, thread->ctx);
- if (likely(jb)) {
- if (f->alproto == ALPROTO_FTPDATA) {
- if (!EveFTPDataAddMetadata(vtx, jb)) {
- goto fail;
- }
- } else {
- EveFTPLogCommand(vtx, jb);
- }
-
- OutputJsonBuilderBuffer(jb, thread);
-
- jb_free(jb);
- }
- return TM_ECODE_OK;
-
-fail:
- jb_free(jb);
- return TM_ECODE_FAILED;
-}
-
-static OutputInitResult OutputFTPLogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTP);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_FTPDATA);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonFTPLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonFTPLog", "eve-log.ftp",
- OutputFTPLogInitSub, ALPROTO_FTP, JsonFTPLogger, JsonLogThreadInit, JsonLogThreadDeinit,
- NULL);
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonFTPLog", "eve-log.ftp",
- OutputFTPLogInitSub, ALPROTO_FTPDATA, JsonFTPLogger, JsonLogThreadInit,
- JsonLogThreadDeinit, NULL);
-
- SCLogDebug("FTP JSON logger registered.");
-}
#ifndef SURICATA_OUTPUT_JSON_FTP_H
#define SURICATA_OUTPUT_JSON_FTP_H
-void JsonFTPLogRegister(void);
bool EveFTPLogCommand(void *vtx, JsonBuilder *js);
#endif /* SURICATA_OUTPUT_JSON_FTP_H */
+++ /dev/null
-/* Copyright (C) 2020-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Philippe Antoine <p.antoine@catenacyber.fr>
- *
- * Implements HTTP2 JSON logging portion of the engine.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-print.h"
-#include "util-unittest.h"
-
-#include "util-debug.h"
-#include "app-layer-parser.h"
-#include "output.h"
-#include "app-layer-http2.h"
-#include "app-layer.h"
-#include "util-privs.h"
-#include "util-buffer.h"
-
-#include "util-logopenfile.h"
-
-#include "output-json.h"
-#include "output-json-http2.h"
-#include "rust.h"
-
-#define MODULE_NAME "LogHttp2Log"
-
-typedef struct OutputHttp2Ctx_ {
- OutputJsonCtx *eve_ctx;
-} OutputHttp2Ctx;
-
-
-typedef struct JsonHttp2LogThread_ {
- OutputHttp2Ctx *http2log_ctx;
- OutputJsonThreadCtx *ctx;
-} JsonHttp2LogThread;
-
-static int JsonHttp2Logger(ThreadVars *tv, void *thread_data, const Packet *p,
- Flow *f, void *state, void *txptr, uint64_t tx_id)
-{
- JsonHttp2LogThread *aft = (JsonHttp2LogThread *)thread_data;
-
- if (unlikely(state == NULL)) {
- return 0;
- }
-
- JsonBuilder *js = CreateEveHeaderWithTxId(
- p, LOG_DIR_FLOW, "http", NULL, tx_id, aft->http2log_ctx->eve_ctx);
- if (unlikely(js == NULL))
- return 0;
-
- if (!rs_http2_log_json(txptr, js)) {
- goto end;
- }
- OutputJsonBuilderBuffer(js, aft->ctx);
-end:
- jb_free(js);
- return 0;
-}
-
-static TmEcode JsonHttp2LogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- JsonHttp2LogThread *aft = SCCalloc(1, sizeof(JsonHttp2LogThread));
- if (unlikely(aft == NULL))
- return TM_ECODE_FAILED;
-
- if(initdata == NULL)
- {
- SCLogDebug("Error getting context for EveLogHTTP2. \"initdata\" argument NULL");
- goto error_exit;
- }
-
- /* Use the Output Context (file pointer and mutex) */
- aft->http2log_ctx = ((OutputCtx *)initdata)->data;
- aft->ctx = CreateEveThreadCtx(t, aft->http2log_ctx->eve_ctx);
- if (!aft->ctx) {
- goto error_exit;
- }
-
- *data = (void *)aft;
- return TM_ECODE_OK;
-
-error_exit:
- SCFree(aft);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonHttp2LogThreadDeinit(ThreadVars *t, void *data)
-{
- JsonHttp2LogThread *aft = (JsonHttp2LogThread *)data;
- if (aft == NULL) {
- return TM_ECODE_OK;
- }
-
- FreeEveThreadCtx(aft->ctx);
- /* clear memory */
- memset(aft, 0, sizeof(JsonHttp2LogThread));
-
- SCFree(aft);
- return TM_ECODE_OK;
-}
-
-static void OutputHttp2LogDeinitSub(OutputCtx *output_ctx)
-{
- OutputHttp2Ctx *http2_ctx = output_ctx->data;
- SCFree(http2_ctx);
- SCFree(output_ctx);
-}
-
-static OutputInitResult OutputHttp2LogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ojc = parent_ctx->data;
-
- OutputHttp2Ctx *http2_ctx = SCCalloc(1, sizeof(OutputHttp2Ctx));
- if (unlikely(http2_ctx == NULL))
- return result;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(http2_ctx);
- return result;
- }
-
- http2_ctx->eve_ctx = ojc;
-
- output_ctx->data = http2_ctx;
- output_ctx->DeInit = OutputHttp2LogDeinitSub;
-
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-void JsonHttp2LogRegister (void)
-{
- /* also register as child of eve-log */
- OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_TX, "eve-log", MODULE_NAME, "eve-log.http2",
- OutputHttp2LogInitSub, ALPROTO_HTTP2, JsonHttp2Logger, HTTP2StateClosed,
- HTTP2StateClosed, JsonHttp2LogThreadInit, JsonHttp2LogThreadDeinit, NULL);
-}
+++ /dev/null
-/* Copyright (C) 2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Philippe Antoine <p.antoine@catenacyber.fr>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_HTTP2_H
-#define SURICATA_OUTPUT_JSON_HTTP2_H
-
-void JsonHttp2LogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_HTTP2_H */
+++ /dev/null
-/* Copyright (C) 2018-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Pierre Chifflier <chifflier@wzdftpd.net>
- *
- * Implement JSON/eve logging app-layer KRB5.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "app-layer-krb5.h"
-#include "output-json-krb5.h"
-
-#include "rust.h"
-
-static int JsonKRB5Logger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
-{
- KRB5Transaction *krb5tx = tx;
- OutputJsonThreadCtx *thread = thread_data;
-
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "krb5", NULL, thread->ctx);
- if (unlikely(jb == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (!rs_krb5_log_json_response(krb5tx, jb)) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(jb, thread);
-
- jb_free(jb);
- return TM_ECODE_OK;
-
-error:
- jb_free(jb);
- return TM_ECODE_FAILED;
-}
-
-static OutputInitResult OutputKRB5LogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonKRB5LogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonKRB5Log", "eve-log.krb5",
- OutputKRB5LogInitSub, ALPROTO_KRB5, JsonKRB5Logger, JsonLogThreadInit,
- JsonLogThreadDeinit, NULL);
-
- SCLogDebug("KRB5 JSON logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2015 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Pierre Chifflier <chifflier@wzdftpd.net>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_KRB5_H
-#define SURICATA_OUTPUT_JSON_KRB5_H
-
-void JsonKRB5LogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_KRB5_H */
+++ /dev/null
-/* Copyright (C) 2019-2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-#include "output.h"
-#include "output-json.h"
-#include "app-layer.h"
-#include "app-layer-parser.h"
-#include "output-json-modbus.h"
-#include "rust.h"
-
-typedef struct LogModbusFileCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCtx *eve_ctx;
-} LogModbusFileCtx;
-
-typedef struct JsonModbusLogThread_ {
- LogModbusFileCtx *modbuslog_ctx;
- OutputJsonThreadCtx *ctx;
-} JsonModbusLogThread;
-
-static int JsonModbusLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
- void *state, void *tx, uint64_t tx_id)
-{
- JsonModbusLogThread *thread = thread_data;
-
- JsonBuilder *js =
- CreateEveHeader(p, LOG_DIR_FLOW, "modbus", NULL, thread->modbuslog_ctx->eve_ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_OK;
- }
- if (!rs_modbus_to_json(tx, js)) {
- jb_free(js);
- return TM_ECODE_FAILED;
- }
- OutputJsonBuilderBuffer(js, thread->ctx);
-
- jb_free(js);
- return TM_ECODE_OK;
-}
-
-static void OutputModbusLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogModbusFileCtx *modbuslog_ctx = (LogModbusFileCtx *)output_ctx->data;
- SCFree(modbuslog_ctx);
- SCFree(output_ctx);
-}
-
-static OutputInitResult OutputModbusLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogModbusFileCtx *modbuslog_ctx = SCCalloc(1, sizeof(*modbuslog_ctx));
- if (unlikely(modbuslog_ctx == NULL)) {
- return result;
- }
- modbuslog_ctx->file_ctx = ajt->file_ctx;
- modbuslog_ctx->eve_ctx = ajt;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(modbuslog_ctx);
- return result;
- }
- output_ctx->data = modbuslog_ctx;
- output_ctx->DeInit = OutputModbusLogDeInitCtxSub;
-
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_MODBUS);
-
- SCLogDebug("modbus log sub-module initialized.");
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonModbusLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogModbus. \"initdata\" is NULL.");
- return TM_ECODE_FAILED;
- }
-
- JsonModbusLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- thread->modbuslog_ctx = ((OutputCtx *)initdata)->data;
- thread->ctx = CreateEveThreadCtx(t, thread->modbuslog_ctx->eve_ctx);
- if (thread->ctx == NULL) {
- goto error_exit;
- }
-
- *data = (void *)thread;
- return TM_ECODE_OK;
-
-error_exit:
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonModbusLogThreadDeinit(ThreadVars *t, void *data)
-{
- JsonModbusLogThread *thread = (JsonModbusLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- FreeEveThreadCtx(thread->ctx);
- SCFree(thread);
- return TM_ECODE_OK;
-}
-
-void JsonModbusLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonModbusLog", "eve-log.modbus",
- OutputModbusLogInitSub, ALPROTO_MODBUS, JsonModbusLogger, JsonModbusLogThreadInit,
- JsonModbusLogThreadDeinit, NULL);
-
- SCLogDebug("modbus json logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2019 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-#ifndef SURICATA_OUTPUT_JSON_MODBUS_H
-#define SURICATA_OUTPUT_JSON_MODBUS_H
-
-void JsonModbusLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_MODBUS_H */
+++ /dev/null
-/* Copyright (C) 2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * Implements JSON/eve logging for Quic app-layer.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-#include "output.h"
-#include "output-json.h"
-#include "app-layer.h"
-#include "app-layer-parser.h"
-#include "output-json-quic.h"
-#include "rust.h"
-
-typedef struct LogQuicFileCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCtx *eve_ctx;
-} LogQuicFileCtx;
-
-typedef struct JsonQuicLogThread_ {
- LogQuicFileCtx *quiclog_ctx;
- OutputJsonThreadCtx *ctx;
-} JsonQuicLogThread;
-
-static int JsonQuicLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state,
- void *tx, uint64_t tx_id)
-{
- JsonQuicLogThread *thread = thread_data;
-
- JsonBuilder *js =
- CreateEveHeader(p, LOG_DIR_PACKET, "quic", NULL, thread->quiclog_ctx->eve_ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_OK;
- }
- if (!rs_quic_to_json(tx, js)) {
- jb_free(js);
- return TM_ECODE_FAILED;
- }
- OutputJsonBuilderBuffer(js, thread->ctx);
-
- jb_free(js);
- return TM_ECODE_OK;
-}
-
-static void OutputQuicLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogQuicFileCtx *quiclog_ctx = (LogQuicFileCtx *)output_ctx->data;
- SCFree(quiclog_ctx);
- SCFree(output_ctx);
-}
-
-static OutputInitResult OutputQuicLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogQuicFileCtx *quiclog_ctx = SCCalloc(1, sizeof(*quiclog_ctx));
- if (unlikely(quiclog_ctx == NULL)) {
- return result;
- }
- quiclog_ctx->file_ctx = ajt->file_ctx;
- quiclog_ctx->eve_ctx = ajt;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(quiclog_ctx);
- return result;
- }
- output_ctx->data = quiclog_ctx;
- output_ctx->DeInit = OutputQuicLogDeInitCtxSub;
-
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_QUIC);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonQuicLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogQuic. \"initdata\" is NULL.");
- return TM_ECODE_FAILED;
- }
-
- JsonQuicLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- thread->quiclog_ctx = ((OutputCtx *)initdata)->data;
- thread->ctx = CreateEveThreadCtx(t, thread->quiclog_ctx->eve_ctx);
- if (thread->ctx == NULL) {
- goto error_exit;
- }
-
- *data = (void *)thread;
- return TM_ECODE_OK;
-
-error_exit:
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonQuicLogThreadDeinit(ThreadVars *t, void *data)
-{
- JsonQuicLogThread *thread = (JsonQuicLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- FreeEveThreadCtx(thread->ctx);
- SCFree(thread);
- return TM_ECODE_OK;
-}
-
-void JsonQuicLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonQuicLog", "eve-log.quic",
- OutputQuicLogInitSub, ALPROTO_QUIC, JsonQuicLogger, JsonQuicLogThreadInit,
- JsonQuicLogThreadDeinit, NULL);
-
- SCLogDebug("quic json logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- */
-
-#ifndef SURICATA_OUTPUT_JSON_QUIC_H
-#define SURICATA_OUTPUT_JSON_QUIC_H
-
-void JsonQuicLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_QUIC_H */
+++ /dev/null
-/* Copyright (C) 2019-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Zach Kelly <zach.kelly@lmco.com>
- *
- * Application layer logger for RDP
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-#include "output.h"
-#include "output-json.h"
-#include "app-layer.h"
-#include "app-layer-parser.h"
-#include "app-layer-rdp.h"
-#include "output-json-rdp.h"
-#include "rust.h"
-
-static int JsonRdpLogger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
-{
- OutputJsonThreadCtx *thread = thread_data;
-
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_PACKET, "rdp", NULL, thread->ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_OK;
- }
- if (!rs_rdp_to_json(tx, js)) {
- jb_free(js);
- return TM_ECODE_FAILED;
- }
- OutputJsonBuilderBuffer(js, thread);
-
- jb_free(js);
- return TM_ECODE_OK;
-}
-
-static OutputInitResult OutputRdpLogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RDP);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonRdpLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonRdpLog", "eve-log.rdp",
- OutputRdpLogInitSub, ALPROTO_RDP, JsonRdpLogger, JsonLogThreadInit, JsonLogThreadDeinit,
- NULL);
-
- SCLogDebug("rdp json logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2019 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Zach Kelly <zach.kelly@lmco.com>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_RDP_H
-#define SURICATA_OUTPUT_JSON_RDP_H
-
-void JsonRdpLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_RDP_H */
+++ /dev/null
-/* Copyright (C) 2020-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Frank Honza <frank.honza@dcso.de>
- *
- * Implement JSON/eve logging app-layer RFB.
- */
-
-#include "suricata-common.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "app-layer-rfb.h"
-#include "output-json-rfb.h"
-
-#include "rust-bindings.h"
-
-static int JsonRFBLogger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
-{
- OutputJsonThreadCtx *thread = thread_data;
-
- JsonBuilder *js = CreateEveHeader(p, LOG_DIR_FLOW, "rfb", NULL, thread->ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (!rs_rfb_logger_log(tx, js)) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(js, thread);
- jb_free(js);
-
- return TM_ECODE_OK;
-
-error:
- jb_free(js);
- return TM_ECODE_FAILED;
-}
-
-static OutputInitResult OutputRFBLogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_RFB);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonRFBLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonRFBLog", "eve-log.rfb",
- OutputRFBLogInitSub, ALPROTO_RFB, JsonRFBLogger, JsonLogThreadInit, JsonLogThreadDeinit,
- NULL);
-}
+++ /dev/null
-/* Copyright (C) 2020 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Frank Honza <frank.honza@dcso.de>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_RFB_H
-#define SURICATA_OUTPUT_JSON_RFB_H
-
-void JsonRFBLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_RFB_H */
+++ /dev/null
-/* Copyright (C) 2018-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Giuseppe Longo <giuseppe@glongo.it>
- *
- * Implement JSON/eve logging app-layer SIP.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "app-layer-sip.h"
-#include "output-json-sip.h"
-
-#include "rust.h"
-
-static int JsonSIPLogger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
-{
- SIPTransaction *siptx = tx;
- OutputJsonThreadCtx *thread = thread_data;
-
- JsonBuilder *js = CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "sip", NULL, thread->ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_OK;
- }
-
- if (!rs_sip_log_json(siptx, js)) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(js, thread);
- jb_free(js);
-
- return TM_ECODE_OK;
-
-error:
- jb_free(js);
- return TM_ECODE_FAILED;
-}
-
-static OutputInitResult OutputSIPLogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SIP);
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SIP);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonSIPLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSIPLog", "eve-log.sip",
- OutputSIPLogInitSub, ALPROTO_SIP, JsonSIPLogger, JsonLogThreadInit, JsonLogThreadDeinit,
- NULL);
-
- SCLogDebug("SIP JSON logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2015 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Giuseppe Longo <giuseppe@glongo.it>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_SIP_H
-#define SURICATA_OUTPUT_JSON_SIP_H
-
-void JsonSIPLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_SIP_H */
+++ /dev/null
-/* Copyright (C) 2018-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Pierre Chifflier <chifflier@wzdftpd.net>
- *
- * Implement JSON/eve logging app-layer SNMP.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "app-layer-snmp.h"
-#include "output-json-snmp.h"
-
-#include "rust.h"
-
-static int JsonSNMPLogger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
-{
- SNMPTransaction *snmptx = tx;
- OutputJsonThreadCtx *thread = thread_data;
-
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "snmp", NULL, thread->ctx);
- if (unlikely(jb == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (!rs_snmp_log_json_response(snmptx, jb)) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(jb, thread);
-
- jb_free(jb);
- return TM_ECODE_OK;
-
-error:
- jb_free(jb);
- return TM_ECODE_FAILED;
-}
-
-static OutputInitResult OutputSNMPLogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonSNMPLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSNMPLog", "eve-log.snmp",
- OutputSNMPLogInitSub, ALPROTO_SNMP, JsonSNMPLogger, JsonLogThreadInit,
- JsonLogThreadDeinit, NULL);
-
- SCLogDebug("SNMP JSON logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2015-2019 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Pierre Chifflier <chifflier@wzdftpd.net>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_SNMP_H
-#define SURICATA_OUTPUT_JSON_SNMP_H
-
-void JsonSNMPLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_SNMP_H */
+++ /dev/null
-/* Copyright (C) 2014-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- *
- * Implements SSH JSON logging portion of the engine.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-print.h"
-#include "util-unittest.h"
-
-#include "util-debug.h"
-#include "app-layer-parser.h"
-#include "output.h"
-#include "app-layer-ssh.h"
-#include "app-layer.h"
-#include "util-privs.h"
-#include "util-buffer.h"
-
-#include "util-logopenfile.h"
-
-#include "output-json.h"
-#include "output-json-ssh.h"
-#include "rust.h"
-
-#define MODULE_NAME "LogSshLog"
-
-static int JsonSshLogger(ThreadVars *tv, void *thread_data, const Packet *p,
- Flow *f, void *state, void *txptr, uint64_t tx_id)
-{
- OutputJsonThreadCtx *thread = thread_data;
-
- if (unlikely(state == NULL)) {
- return 0;
- }
-
- JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id, thread->ctx);
- if (unlikely(js == NULL))
- return 0;
-
- if (!rs_ssh_log_json(txptr, js)) {
- goto end;
- }
- OutputJsonBuilderBuffer(js, thread);
-
-end:
- jb_free(js);
- return 0;
-}
-
-static OutputInitResult OutputSshLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_SSH);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonSshLogRegister (void)
-{
- /* register as child of eve-log */
- OutputRegisterTxSubModuleWithCondition(LOGGER_JSON_TX, "eve-log", "JsonSshLog", "eve-log.ssh",
- OutputSshLogInitSub, ALPROTO_SSH, JsonSshLogger, SSHTxLogCondition, JsonLogThreadInit,
- JsonLogThreadDeinit, NULL);
-}
+++ /dev/null
-/* Copyright (C) 2014 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Victor Julien <victor@inliniac.net>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_SSH_H
-#define SURICATA_OUTPUT_JSON_SSH_H
-
-void JsonSshLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_SSH_H */
+++ /dev/null
-/* Copyright (C) 2018-2022 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/*
- * TODO: Update \author in this file and in output-json-template.h.
- * TODO: Remove SCLogNotice statements, or convert to debug.
- * TODO: Implement your app-layers logging.
- */
-
-/**
- * \file
- *
- * \author FirstName LastName <yourname@domain>
- *
- * Implement JSON/eve logging app-layer Template.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "output-json-template.h"
-#include "rust.h"
-
-typedef struct LogTemplateFileCtx_ {
- uint32_t flags;
- OutputJsonCtx *eve_ctx;
-} LogTemplateFileCtx;
-
-typedef struct LogTemplateLogThread_ {
- LogTemplateFileCtx *templatelog_ctx;
- OutputJsonThreadCtx *ctx;
-} LogTemplateLogThread;
-
-static int JsonTemplateLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
- void *state, void *tx, uint64_t tx_id)
-{
- SCLogNotice("JsonTemplateLogger");
- LogTemplateLogThread *thread = thread_data;
-
- JsonBuilder *js =
- CreateEveHeader(p, LOG_DIR_PACKET, "template", NULL, thread->templatelog_ctx->eve_ctx);
- if (unlikely(js == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (!rs_template_logger_log(tx, js)) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(js, thread->ctx);
- jb_free(js);
-
- return TM_ECODE_OK;
-
-error:
- jb_free(js);
- return TM_ECODE_FAILED;
-}
-
-static void OutputTemplateLogDeInitCtxSub(OutputCtx *output_ctx)
-{
- LogTemplateFileCtx *templatelog_ctx = (LogTemplateFileCtx *)output_ctx->data;
- SCFree(templatelog_ctx);
- SCFree(output_ctx);
-}
-
-static OutputInitResult OutputTemplateLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
-{
- OutputInitResult result = { NULL, false };
- OutputJsonCtx *ajt = parent_ctx->data;
-
- LogTemplateFileCtx *templatelog_ctx = SCCalloc(1, sizeof(*templatelog_ctx));
- if (unlikely(templatelog_ctx == NULL)) {
- return result;
- }
- templatelog_ctx->eve_ctx = ajt;
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
- if (unlikely(output_ctx == NULL)) {
- SCFree(templatelog_ctx);
- return result;
- }
- output_ctx->data = templatelog_ctx;
- output_ctx->DeInit = OutputTemplateLogDeInitCtxSub;
-
- SCLogNotice("Template log sub-module initialized.");
-
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TEMPLATE);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
-static TmEcode JsonTemplateLogThreadInit(ThreadVars *t, const void *initdata, void **data)
-{
- LogTemplateLogThread *thread = SCCalloc(1, sizeof(*thread));
- if (unlikely(thread == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (initdata == NULL) {
- SCLogDebug("Error getting context for EveLogTemplate. \"initdata\" is NULL.");
- goto error_exit;
- }
-
- thread->templatelog_ctx = ((OutputCtx *)initdata)->data;
- thread->ctx = CreateEveThreadCtx(t, thread->templatelog_ctx->eve_ctx);
- if (!thread->ctx) {
- goto error_exit;
- }
- *data = (void *)thread;
-
- return TM_ECODE_OK;
-
-error_exit:
- SCFree(thread);
- return TM_ECODE_FAILED;
-}
-
-static TmEcode JsonTemplateLogThreadDeinit(ThreadVars *t, void *data)
-{
- LogTemplateLogThread *thread = (LogTemplateLogThread *)data;
- if (thread == NULL) {
- return TM_ECODE_OK;
- }
- FreeEveThreadCtx(thread->ctx);
- SCFree(thread);
- return TM_ECODE_OK;
-}
-
-void JsonTemplateLogRegister(void)
-{
- /* TEMPLATE_START_REMOVE */
- if (ConfGetNode("app-layer.protocols.template") == NULL) {
- return;
- }
- /* TEMPLATE_END_REMOVE */
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonTemplateLog", "eve-log.template",
- OutputTemplateLogInitSub, ALPROTO_TEMPLATE, JsonTemplateLogger,
- JsonTemplateLogThreadInit, JsonTemplateLogThreadDeinit, NULL);
-
- SCLogNotice("Template JSON logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2018 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author FirstName LastName <name@domain>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_TEMPLATE_RUST_H
-#define SURICATA_OUTPUT_JSON_TEMPLATE_RUST_H
-
-void JsonTemplateLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_TEMPLATE_RUST_H */
+++ /dev/null
-/* Copyright (C) 2020-2021 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Clément Galland <clement.galland@epita.fr>
- *
- * Implement JSON/eve logging app-layer TFTP.
- */
-
-#include "suricata-common.h"
-#include "detect.h"
-#include "pkt-var.h"
-#include "conf.h"
-
-#include "threads.h"
-#include "threadvars.h"
-#include "tm-threads.h"
-
-#include "util-unittest.h"
-#include "util-buffer.h"
-#include "util-debug.h"
-#include "util-byte.h"
-
-#include "output.h"
-#include "output-json.h"
-
-#include "app-layer.h"
-#include "app-layer-parser.h"
-
-#include "app-layer-tftp.h"
-#include "output-json-tftp.h"
-
-#include "rust.h"
-
-static int JsonTFTPLogger(ThreadVars *tv, void *thread_data,
- const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
-{
- OutputJsonThreadCtx *thread = thread_data;
-
- JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "tftp", NULL, thread->ctx);
- if (unlikely(jb == NULL)) {
- return TM_ECODE_FAILED;
- }
-
- if (unlikely(!rs_tftp_log_json_request(tx, jb))) {
- goto error;
- }
-
- OutputJsonBuilderBuffer(jb, thread);
-
- jb_free(jb);
- return TM_ECODE_OK;
-
-error:
- jb_free(jb);
- return TM_ECODE_FAILED;
-}
-
-static OutputInitResult OutputTFTPLogInitSub(ConfNode *conf,
- OutputCtx *parent_ctx)
-{
- AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_TFTP);
- return OutputJsonLogInitSub(conf, parent_ctx);
-}
-
-void JsonTFTPLogRegister(void)
-{
- /* Register as an eve sub-module. */
- OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonTFTPLog", "eve-log.tftp",
- OutputTFTPLogInitSub, ALPROTO_TFTP, JsonTFTPLogger, JsonLogThreadInit,
- JsonLogThreadDeinit, NULL);
-
- SCLogDebug("TFTP JSON logger registered.");
-}
+++ /dev/null
-/* Copyright (C) 2017 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Clément Galland <clement.galland@epita.fr>
- */
-
-#ifndef SURICATA_OUTPUT_JSON_TFTP_H
-#define SURICATA_OUTPUT_JSON_TFTP_H
-
-void JsonTFTPLogRegister(void);
-
-#endif /* SURICATA_OUTPUT_JSON_TFTP_H */
#include "log-httplog.h"
#include "output-json-http.h"
#include "output-json-dns.h"
-#include "output-json-modbus.h"
#include "log-tlslog.h"
#include "log-tlsstore.h"
#include "output-json-tls.h"
-#include "output-json-ssh.h"
#include "log-pcap.h"
+// for SSHTxLogCondition
+#include "app-layer-ssh.h"
#include "output-json-file.h"
#include "output-json-smtp.h"
#include "output-json-stats.h"
#include "output-json-ftp.h"
// for misplaced EveFTPDataAddMetadata
#include "app-layer-ftp.h"
-#include "output-json-tftp.h"
#include "output-json-smb.h"
#include "output-json-ike.h"
-#include "output-json-krb5.h"
-#include "output-json-quic.h"
#include "output-json-dhcp.h"
-#include "output-json-snmp.h"
-#include "output-json-sip.h"
-#include "output-json-rfb.h"
#include "output-json-mqtt.h"
#include "output-json-pgsql.h"
-#include "output-json-template.h"
-#include "output-json-rdp.h"
-#include "output-json-http2.h"
#include "output-lua.h"
#include "output-json-dnp3.h"
#include "output-json-metadata.h"
#include "output-json-dcerpc.h"
#include "output-json-frame.h"
-#include "output-json-bittorrent-dht.h"
+#include "app-layer-parser.h"
#include "output-filestore.h"
typedef struct RootLogger_ {
OutputStreamingLoggerRegister();
}
+static int JsonGenericLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
+ void *state, void *tx, uint64_t tx_id, int dir)
+{
+ OutputJsonThreadCtx *thread = thread_data;
+ EveJsonSimpleAppLayerLogger *al = SCEveJsonSimpleGetLogger(f->alproto);
+ if (al == NULL) {
+ return TM_ECODE_FAILED;
+ }
+
+ const char *name;
+ switch (al->proto) {
+ case ALPROTO_HTTP2:
+ // special case
+ name = "http";
+ break;
+ case ALPROTO_FTPDATA:
+ // underscore instead of dash
+ name = "ftp_data";
+ break;
+ case ALPROTO_BITTORRENT_DHT:
+ // underscore instead of dash
+ name = "bittorrent_dht";
+ break;
+ default:
+ name = AppProtoToString(al->proto);
+ }
+ JsonBuilder *js = CreateEveHeader(p, dir, name, NULL, thread->ctx);
+ if (unlikely(js == NULL)) {
+ return TM_ECODE_FAILED;
+ }
+
+ if (!al->LogTx(tx, js)) {
+ goto error;
+ }
+
+ OutputJsonBuilderBuffer(js, thread);
+ jb_free(js);
+
+ return TM_ECODE_OK;
+
+error:
+ jb_free(js);
+ return TM_ECODE_FAILED;
+}
+
+static int JsonGenericDirPacketLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
+ void *state, void *tx, uint64_t tx_id)
+{
+ return JsonGenericLogger(tv, thread_data, p, f, state, tx, tx_id, LOG_DIR_PACKET);
+}
+
+static int JsonGenericDirFlowLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f,
+ void *state, void *tx, uint64_t tx_id)
+{
+ return JsonGenericLogger(tv, thread_data, p, f, state, tx, tx_id, LOG_DIR_FLOW);
+}
+
/**
* \brief Register all non-root logging modules.
*/
/* http log */
LogHttpLogRegister();
JsonHttpLogRegister();
- JsonHttp2LogRegister();
+ OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_TX, "eve-log", "LogHttp2Log", "eve-log.http2",
+ OutputJsonLogInitSub, ALPROTO_HTTP2, JsonGenericDirFlowLogger, HTTP2StateClosed,
+ HTTP2StateClosed, JsonLogThreadInit, JsonLogThreadDeinit, NULL);
/* tls log */
LogTlsLogRegister();
JsonTlsLogRegister();
LogTlsStoreRegister();
/* ssh */
- JsonSshLogRegister();
+ OutputRegisterTxSubModuleWithCondition(LOGGER_JSON_TX, "eve-log", "JsonSshLog", "eve-log.ssh",
+ OutputJsonLogInitSub, ALPROTO_SSH, JsonGenericDirFlowLogger, SSHTxLogCondition,
+ JsonLogThreadInit, JsonLogThreadDeinit, NULL);
/* pcap log */
PcapLogRegister();
/* file log */
/* dns */
JsonDnsLogRegister();
/* modbus */
- JsonModbusLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonModbusLog", "eve-log.modbus",
+ OutputJsonLogInitSub, ALPROTO_MODBUS, JsonGenericDirFlowLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+
+ SCLogDebug("modbus json logger registered.");
/* tcp streaming data */
LogTcpDataLogRegister();
/* log stats */
/* NFS JSON logger. */
JsonNFSLogRegister();
/* TFTP JSON logger. */
- JsonTFTPLogRegister();
- /* FTP JSON logger. */
- JsonFTPLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonTFTPLog", "eve-log.tftp",
+ OutputJsonLogInitSub, ALPROTO_TFTP, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+
+ SCLogDebug("TFTP JSON logger registered.");
+ /* FTP and FTP-DATA JSON loggers. */
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonFTPLog", "eve-log.ftp",
+ OutputJsonLogInitSub, ALPROTO_FTP, JsonGenericDirFlowLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonFTPLog", "eve-log.ftp",
+ OutputJsonLogInitSub, ALPROTO_FTPDATA, JsonGenericDirFlowLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+ SCLogDebug("FTP JSON logger registered.");
+
/* SMB JSON logger. */
JsonSMBLogRegister();
/* IKE JSON logger. */
JsonIKELogRegister();
/* KRB5 JSON logger. */
- JsonKRB5LogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonKRB5Log", "eve-log.krb5",
+ OutputJsonLogInitSub, ALPROTO_KRB5, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+
+ SCLogDebug("KRB5 JSON logger registered.");
/* QUIC JSON logger. */
- JsonQuicLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonQuicLog", "eve-log.quic",
+ OutputJsonLogInitSub, ALPROTO_QUIC, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+
+ SCLogDebug("quic json logger registered.");
/* DHCP JSON logger. */
JsonDHCPLogRegister();
/* SNMP JSON logger. */
- JsonSNMPLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSNMPLog", "eve-log.snmp",
+ OutputJsonLogInitSub, ALPROTO_SNMP, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+
+ SCLogDebug("SNMP JSON logger registered.");
/* SIP JSON logger. */
- JsonSIPLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSIPLog", "eve-log.sip",
+ OutputJsonLogInitSub, ALPROTO_SIP, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+
+ SCLogDebug("SIP JSON logger registered.");
/* RFB JSON logger. */
- JsonRFBLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonRFBLog", "eve-log.rfb",
+ OutputJsonLogInitSub, ALPROTO_RFB, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
/* MQTT JSON logger. */
JsonMQTTLogRegister();
/* Pgsql JSON logger. */
JsonPgsqlLogRegister();
/* Template JSON logger. */
- JsonTemplateLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonTemplateLog", "eve-log.template",
+ OutputJsonLogInitSub, ALPROTO_TEMPLATE, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
/* RDP JSON logger. */
- JsonRdpLogRegister();
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonRdpLog", "eve-log.rdp",
+ OutputJsonLogInitSub, ALPROTO_RDP, JsonGenericDirPacketLogger, JsonLogThreadInit,
+ JsonLogThreadDeinit, NULL);
+ SCLogDebug("rdp json logger registered.");
/* DCERPC JSON logger. */
JsonDCERPCLogRegister();
/* app layer frames */
JsonFrameLogRegister();
/* BitTorrent DHT JSON logger */
- JsonBitTorrentDHTLogRegister();
+ if (ConfGetNode("app-layer.protocols.bittorrent-dht") != NULL) {
+ /* Register as an eve sub-module. */
+ OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonBitTorrentDHTLog",
+ "eve-log.bittorrent-dht", OutputJsonLogInitSub, ALPROTO_BITTORRENT_DHT,
+ JsonGenericDirPacketLogger, JsonLogThreadInit, JsonLogThreadDeinit, NULL);
+ }
}
static EveJsonSimpleAppLayerLogger simple_json_applayer_loggers[ALPROTO_MAX] = {
projects / thirdparty / suricata.git / commitdiff
