]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 113d6a3)
output-json: add tx_id to events
authorEric Leblond <eric@regit.org>
Tue, 15 Sep 2015 14:36:37 +0000 (16:36 +0200)
committerEric Leblond <eric@regit.org>
Tue, 6 Oct 2015 21:30:46 +0000 (23:30 +0200)
This patch updates alert, stmp and http JSON logging to have a
tx_id in the root of the JSON log message.

src/output-json-alert.c patch | blob | blame | history
src/output-json-http.c patch | blob | blame | history
src/output-json-smtp.c patch | blob | blame | history

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 6be573054e5042185078bdd099ac2aa655d2343b..2c0d01714c7fc2d0b5127a8be8f457986a502a23 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -146,6 +146,11 @@ void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
         action = "blocked";
     }
 
+    /* Add tx_id to root element for correlation with other events. */
+    json_object_del(js, "tx_id");
+    if (pa->flags & PACKET_ALERT_FLAG_TX)
+        json_object_set_new(js, "tx_id", json_integer(pa->tx_id));
+
     json_t *ajs = json_object();
     if (ajs == NULL) {
         json_decref(js);
@@ -162,9 +167,6 @@ void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
             json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
     json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
 
-    if (pa->flags & PACKET_ALERT_FLAG_TX)
-        json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
-
     if (p->tenant_id > 0)
         json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
 
diff --git a/src/output-json-http.c b/src/output-json-http.c
index 6cfed78ca324d23a0f549443c4a322a0d2cabf42..6873987305cee15c5633b44a1c99486a68350173 100644 (file)
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -362,9 +362,6 @@ static void JsonHttpLogJSON(JsonHttpLogThread *aft, json_t *js, htp_tx_t *tx, ui
     if (http_ctx->flags & LOG_HTTP_EXTENDED)
         JsonHttpLogJSONExtended(hjs, tx);
 
-    /* tx id for correlation with alerts */
-    json_object_set_new(hjs, "tx_id", json_integer(tx_id));
-
     json_object_set_new(js, "http", hjs);
 }
 
@@ -376,7 +373,7 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
     JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
     MemBuffer *buffer = (MemBuffer *)jhl->buffer;
 
-    json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const
+    json_t *js = CreateJSONHeaderWithTxId((Packet *)p, 1, "http", tx_id); //TODO const
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
 
diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c
index be5275de1769c146e69e88ca8f61eb9829fc9343..617b7247f379c7e2424d322e68e6b0a4e2101344 100644 (file)
--- a/src/output-json-smtp.c
+++ b/src/output-json-smtp.c
@@ -90,7 +90,7 @@ static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
     MemBuffer *buffer = (MemBuffer *)jhl->buffer;
 
     json_t *sjs;
-    json_t *js = CreateJSONHeader((Packet *)p, 1, "smtp");
+    json_t *js = CreateJSONHeaderWithTxId((Packet *)p, 1, "smtp", tx_id);
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
 
Mirror of https://github.com/OISF/suricata.git