logging/alert: Warn if metadata not selected

author Jeff Lucovsky <jeff@lucovsky.org>

Sat, 28 Sep 2019 13:00:24 +0000 (09:00 -0400)

committer Victor Julien <victor@inliniac.net>

Wed, 9 Oct 2019 14:12:03 +0000 (16:12 +0200)
author Jeff Lucovsky <jeff@lucovsky.org>
Sat, 28 Sep 2019 13:00:24 +0000 (09:00 -0400)
committer Victor Julien <victor@inliniac.net>
Wed, 9 Oct 2019 14:12:03 +0000 (16:12 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index f6e0d6a8ce2e2fe592092e8fba338c3397219e17..419b15e58daa074d4811dd75f0c41204e2edfcf9 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -97,6 +97,8 @@
              LOG_JSON_APP_LAYER  |                                  \
              LOG_JSON_RULE_METADATA)
  
+#define JSON_BODY_LOGGING  (LOG_JSON_HTTP_BODY | LOG_JSON_HTTP_BODY_BASE64)
+
  #define JSON_STREAM_BUFFER_SIZE 4096
  
  typedef struct AlertJsonOutputCtx_ {
@@ -810,6 +812,7 @@ static void SetFlag(const ConfNode *conf, const char *name, uint16_t flag, uint1
  static void JsonAlertLogSetupMetadata(AlertJsonOutputCtx *json_output_ctx,
          ConfNode *conf)
  {
+    static bool warn_no_meta = false;
      uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;
      uint16_t flags = METADATA_DEFAULTS;
  
@@ -868,6 +871,15 @@ static void JsonAlertLogSetupMetadata(AlertJsonOutputCtx *json_output_ctx,
              }
          }
  
+        if (!warn_no_meta && flags & JSON_BODY_LOGGING) {
+            if (((flags & LOG_JSON_APP_LAYER) == 0)) {
+                SCLogWarning(SC_WARN_ALERT_CONFIG, "HTTP body logging has been configured, however, "
+                             "metadata logging has not been enabled. HTTP body logging will be disabled.");
+                flags &= ~JSON_BODY_LOGGING;
+                warn_no_meta = true;
+            }
+        }
+
          json_output_ctx->payload_buffer_size = payload_buffer_size;
      }
  
diff --git a/src/util-error.c b/src/util-error.c

index c06809401944d22440ebefd3867b2db39079c59d..2b9d4014542ca6bf465d1c0b01110ab69ffa31ca 100644 (file)
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -364,6 +364,7 @@ const char * SCErrorToString(SCError err)
          CASE_CODE (SC_ERR_THASH_INIT);
          CASE_CODE (SC_ERR_DATASET);
          CASE_CODE (SC_WARN_ANOMALY_CONFIG);
+        CASE_CODE (SC_WARN_ALERT_CONFIG);
  
          CASE_CODE (SC_ERR_MAX);
      }
diff --git a/src/util-error.h b/src/util-error.h

index 060490b38931cf6dcac672b51571466705f20ad2..0897b02651e665504373507ff3c143fbde251363 100644 (file)
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -354,6 +354,7 @@ typedef enum {
      SC_ERR_THASH_INIT,
      SC_ERR_DATASET,
      SC_WARN_ANOMALY_CONFIG,
+    SC_WARN_ALERT_CONFIG,
  
      SC_ERR_MAX
  } SCError;
author	Jeff Lucovsky <jeff@lucovsky.org>
	Sat, 28 Sep 2019 13:00:24 +0000 (09:00 -0400)
committer	Victor Julien <victor@inliniac.net>
	Wed, 9 Oct 2019 14:12:03 +0000 (16:12 +0200)
src/output-json-alert.c		patch \| blob \| blame \| history
src/util-error.c		patch \| blob \| blame \| history
src/util-error.h		patch \| blob \| blame \| history