}
memset(json_output_ctx, 0, sizeof(FrameJsonOutputCtx));
+ uint32_t payload_buffer_size = 4096;
+ if (conf != NULL) {
+ const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");
+ if (payload_buffer_value != NULL) {
+ uint32_t value;
+ if (ParseSizeStringU32(payload_buffer_value, &value) < 0) {
+ SCLogError("Error parsing payload-buffer-size \"%s\"", payload_buffer_value);
+ goto error;
+ }
+ payload_buffer_size = value;
+ }
+ }
+
json_output_ctx->file_ctx = ajt->file_ctx;
json_output_ctx->eve_ctx = ajt;
+ json_output_ctx->payload_buffer_size = payload_buffer_size;
output_ctx->data = json_output_ctx;
output_ctx->DeInit = JsonFrameLogDeInitCtxSub;
- frame:
# disabled by default as this is very verbose.
enabled: no
+ # payload-buffer-size: 4kb # max size of frame payload buffer to output in eve-log
- anomaly:
# Anomaly log records describe unexpected conditions such
# as truncated packets, packets with invalid IP/UDP/TCP
projects / thirdparty / suricata.git / commitdiff
