reporter: Add more details about DNS/HTTP/TLS/QUIC to the emails
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 26 Jan 2026 18:24:15 +0000 (18:24 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 26 Jan 2026 18:40:59 +0000 (18:40 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/suricata-reporter.in

index f4b529b3fc8e3e9dd27b143f3c588c4f593dcdb0..f28883b76f55937cf32fdda944bec4d183666094 100644 (file)
@@ -505,7 +505,7 @@ class Worker(threading.Thread):
                ]
 
                # Add all information from the event
-               content += ("   %-20s : %s" % (key, value) for key, value in event.dump())
+               content += ("   %-20s : %s" % (key, value or _("N/A")) for key, value in event.dump())
 
                # Newline
                content.append("")
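Review bot: With this commit the `value` formatted on the changed line can be text lifted straight from the triggering traffic (`Event.dump()` now yields the HTTP URL and User-Agent, the TLS SNI, DNS query names and QUIC server names), and nothing here neutralises control characters before the text lands in the plain-text mail body; a `\n` or `\r` inside, for example, a User-Agent would let whoever sent the packet append fabricated `key : value` lines to the alert, and other non-printable characters can mangle the rendering. The added `value or _("N/A")` also turns a legitimate `0` or `False` into "N/A", which an explicit `None`/empty-string test would avoid. I would route every value through a small formatter that substitutes N/A only for `None` and `""` and escapes non-printable characters, leaving the `%-20s : %s` layout as it is. The method this hunk belongs to starts and ends outside the hunk.
```python
def _format_value(value):
    # None/empty -> N/A; anything else is untrusted text from the
    # wire, so escape control characters before it reaches the mail body.
    if value is None or value == "":
        return _("N/A")
    return "".join(c if c.isprintable() else repr(c)[1:-1] for c in str(value))

# … unchanged: header lines of the event block …
content += ("   %-20s : %s" % (key, _format_value(value)) for key, value in event.dump())
```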
@@ -711,6 +711,74 @@ class Event(object):
                # Add the protocol
                yield _("Protocol"), self.protocol,
 
+               # DNS
+               if self.app_protocol == "dns":
+                       dns = self.data.get("dns")
+
+                       # Protocol
+                       yield _("Application Protocol"), _("DNS")
+
+                       # Log the queries
+                       for query in dns.get("queries", []):
+                               yield _("Query"), "%s (%s)" % (query.get("rrname"), query.get("rrtype"))
+
+               # HTTP
+               elif self.app_protocol == "http":
+                       http = self.data.get("http")
+
+                       # Protocol
+                       yield _("Application Protocol"), _("HTTP")
+
+                       # HTTP Protocol version
+                       yield _("Protocol Version"), http.get("protocol")
+
+                       # Add the hostname
+                       yield _("Hostname"), http.get("hostname")
+
+                       # Add the method
+                       yield _("Method"), http.get("http_method")
+
+                       # Add the URL
+                       yield _("URL"), http.get("url")
+
+                       yield _("User-Agent"), http.get("http_user_agent")
+
+               # TLS
+               elif self.app_protocol == "tls":
+                       tls = self.data.get("tls")
+
+                       # Protocol
+                       yield _("Application Protocol"), _("TLS")
+
+                       # Add the version
+                       yield _("TLS Version"), tls.get("version")
+
+                       # Add the SNI
+                       yield _("TLS SNI"), tls.get("sni")
+
+                       # Add client ALPNs
+                       yield _("TLS Client ALPNs"), ", ".join(
+                               tls.get("client_alpns", []),
+                       )
+
+               # QUIC
+               elif self.app_protocol == "quic":
+                       quic = self.data.get("quic")
+
+                       # Protocol
+                       yield _("Application Protocol"), _("QUIC")
+
+                       # Extensions
+                       for ext in quic.get("extensions", []):
+                               name = ext.get("name")
+
+                               # Log the server name
+                               if name == "server_name":
+                                       values = ext.get("values", [])
+
+                                       for value in values:
+                                               yield _("Server Name"), value
+
        def translate_severity(self, severity):
                """
                        Translates the severity into a human-readable string
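Review bot: Each of the four new branches fetches the sub-record with a bare `self.data.get("dns")` / `get("http")` / `get("tls")` / `get("quic")` and then calls `.get()` on the result, so an event whose `app_protocol` says "dns" but which carries no `dns` object makes `dump()` raise `AttributeError` on `None` and the whole e-mail for that alert is lost; defaulting the lookups, e.g. `dns = self.data.get("dns") or {}` (and likewise for the other three), keeps the generator running and lets the existing "N/A" fallback show the missing fields. Whether Suricata can emit such an alert record without the application-layer object attached is not visible here, but the reporter should not depend on it. The `dump()` method starts before this hunk, and `translate_severity` continues past it.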