#define LOG_JSON_APP_LAYER BIT_U16(10)
#define LOG_JSON_FLOW BIT_U16(11)
-#define LOG_JSON_APP_LAYER_ALL (LOG_JSON_APP_LAYER|LOG_JSON_HTTP|LOG_JSON_TLS|LOG_JSON_SSH|LOG_JSON_SMTP|LOG_JSON_DNP3|LOG_JSON_FLOW)
+#define LOG_JSON_METADATA_ALL (LOG_JSON_APP_LAYER|LOG_JSON_HTTP|LOG_JSON_TLS|LOG_JSON_SSH|LOG_JSON_SMTP|LOG_JSON_DNP3|LOG_JSON_VARS|LOG_JSON_FLOW)
#define JSON_STREAM_BUFFER_SIZE 4096
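Review bot: `LOG_JSON_METADATA_ALL` adds `LOG_JSON_VARS` to the set, so a deployment that moves from `applayer: yes` to `metadata: yes` also starts dumping flowbits and vars, which used to be a separate opt-in. The flag handling visible on this page only ORs bits in, so an explicit `vars: no` would presumably not switch it back off. Vars can hold values that rules extract from traffic, so this widens what reaches eve-log and anything downstream of it. I would say so on the macro, e.g. `/* metadata = app-layer records + flow + vars; per-key settings cannot subtract from this set */`, and consider clearing `LOG_JSON_VARS` after the metadata check when `vars` is explicitly false.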
const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");
const char *dnp3 = ConfNodeLookupChildValue(conf, "dnp3");
const char *vars = ConfNodeLookupChildValue(conf, "vars");
- const char *applayer = ConfNodeLookupChildValue(conf, "applayer");
+ const char *metadata = ConfNodeLookupChildValue(conf, "metadata");
const char *flow = ConfNodeLookupChildValue(conf, "flow");
if (flow != NULL) {
json_output_ctx->flags |= LOG_JSON_VARS;
}
}
- if (applayer != NULL && ConfValIsTrue(applayer)) {
- json_output_ctx->flags |= LOG_JSON_APP_LAYER_ALL;
+ if (metadata != NULL && ConfValIsTrue(metadata)) {
+ json_output_ctx->flags |= LOG_JSON_METADATA_ALL;
}
if (ssh != NULL) {
if (ConfValIsTrue(ssh)) {
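Review bot: A configuration that still carries `applayer: yes` is now ignored without any message, because the `metadata` lookup replaces the `applayer` one instead of supplementing it. After an upgrade, alerts would silently lose their app-layer context, which is easy to miss until someone needs it during triage. Keep the old key as a deprecated alias, e.g. `if (metadata == NULL) metadata = ConfNodeLookupChildValue(conf, "applayer");`, and emit a deprecation warning through the project's logging macro when the alias is used. The enclosing function starts and ends outside these hunks, so check whether a fallback already exists elsewhere.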
# payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
# payload-printable: yes # enable dumping payload in printable (lossy) format
# packet: yes # enable dumping of packet (without stream segments)
- applayer: yes # add L7/applayer fields to the alert
- vars: yes # enable dumping of flowbits and other vars
+ metadata: yes # add L7/applayer fields, flowbit and other vars to the alert
# Enable the logging of tagged packets for rules using the
# "tag" keyword.