#include "output-json-smtp.h"
#include "output-json-email-common.h"
#include "output-json-nfs.h"
+#include "output-json-flow.h"
#include "util-byte.h"
#include "util-privs.h"
#define LOG_JSON_DNP3 BIT_U16(8)
#define LOG_JSON_VARS BIT_U16(9)
#define LOG_JSON_APP_LAYER BIT_U16(10)
+#define LOG_JSON_FLOW BIT_U16(11)
-#define LOG_JSON_APP_LAYER_ALL (LOG_JSON_APP_LAYER|LOG_JSON_HTTP|LOG_JSON_TLS|LOG_JSON_SSH|LOG_JSON_SMTP|LOG_JSON_DNP3)
+#define LOG_JSON_APP_LAYER_ALL (LOG_JSON_APP_LAYER|LOG_JSON_HTTP|LOG_JSON_TLS|LOG_JSON_SSH|LOG_JSON_SMTP|LOG_JSON_DNP3|LOG_JSON_FLOW)
#define JSON_STREAM_BUFFER_SIZE 4096
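Review bot: Folding `LOG_JSON_FLOW` into `LOG_JSON_APP_LAYER_ALL` makes the macro's name misleading, since a flow record is not an app-layer protocol. Any code that sets or tests the combined mask (not visible in this hunk) will now also turn flow output on, so configurations that already use the catch-all may start emitting flow counters and timestamps in every alert without opting in. If that is intended, say so at the definition, for example `/* all optional metadata blocks, including the non-app-layer flow object */`. Otherwise keep `LOG_JSON_FLOW` out of the mask and leave it to the `flow` key alone.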
JsonAddVars(p, p->flow, js);
}
+ if (p->flow) {
+ if (json_output_ctx->flags & LOG_JSON_FLOW) {
+ hjs = json_object();
+ if (hjs != NULL) {
+ JsonAddFlow(p->flow, js, hjs);
+ json_object_set_new(js, "flow", hjs);
+ }
+ } else {
+ json_object_set_new(js, "app_proto",
+ json_string(AppProtoToString(p->flow->alproto)));
+ }
+ }
+
+
/* payload */
if (json_output_ctx->flags & (LOG_JSON_PAYLOAD | LOG_JSON_PAYLOAD_BASE64)) {
int stream = (p->proto == IPPROTO_TCP) ?
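Review bot: When flow logging is enabled and `json_object()` fails at `hjs = json_object();`, the alert is written with neither a `flow` object nor `app_proto`, because the `else` fallback only covers the flag being off. Folding the allocation into the condition keeps the fallback for both cases: `if ((json_output_ctx->flags & LOG_JSON_FLOW) && (hjs = json_object()) != NULL) {`. Consumers that key on `app_proto` would otherwise lose the field only under memory pressure, which is hard to spot. The two blank lines added before `/* payload */` can be one. The enclosing function starts and ends outside this hunk.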
const char *dnp3 = ConfNodeLookupChildValue(conf, "dnp3");
const char *vars = ConfNodeLookupChildValue(conf, "vars");
const char *applayer = ConfNodeLookupChildValue(conf, "applayer");
+ const char *flow = ConfNodeLookupChildValue(conf, "flow");
+ if (flow != NULL) {
+ if (ConfValIsTrue(flow)) {
+ json_output_ctx->flags |= LOG_JSON_FLOW;
+ }
+ }
if (vars != NULL) {
if (ConfValIsTrue(vars)) {
json_output_ctx->flags |= LOG_JSON_VARS;
return js;
}
-/* JSON format logging */
-static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
+void JsonAddFlow(Flow *f, json_t *js, json_t *hjs)
{
-#if 0
- LogJsonFileCtx *flow_ctx = aft->flowlog_ctx;
-#endif
- json_t *hjs = json_object();
- if (hjs == NULL) {
- return;
- }
-
json_object_set_new(js, "app_proto",
json_string(AppProtoToString(f->alproto)));
if (f->alproto_ts != f->alproto) {
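Review bot: `JsonAddFlow` is now a public function but has no comment describing its contract, which is not obvious from the signature. On this page `app_proto` is set on `js` while the counters and `start` go on `hjs`, `hjs` is never attached to `js`, and `end` is no longer written by it. A header comment such as `/* Fill hjs with flow details and set "app_proto" on js; the caller attaches hjs and adds "end" if wanted. */` would cover this. It is also worth stating that the alert logger calls it on `p->flow`, presumably while the flow is still active, so the counts are a snapshot at alert time rather than final totals. The body continues outside this hunk.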
json_object_set_new(hjs, "bytes_toclient",
json_integer(f->tosrcbytecnt));
- char timebuf1[64], timebuf2[64];
-
+ char timebuf1[64];
CreateIsoTimeString(&f->startts, timebuf1, sizeof(timebuf1));
- CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
-
json_object_set_new(hjs, "start", json_string(timebuf1));
+}
+
+/* JSON format logging */
+static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
+{
+#if 0
+ LogJsonFileCtx *flow_ctx = aft->flowlog_ctx;
+#endif
+ json_t *hjs = json_object();
+ if (hjs == NULL) {
+ return;
+ }
+
+ JsonAddFlow(f, js, hjs);
+
+ char timebuf2[64];
+ CreateIsoTimeString(&f->lastts, timebuf2, sizeof(timebuf2));
json_object_set_new(hjs, "end", json_string(timebuf2));
int32_t age = f->lastts.tv_sec - f->startts.tv_sec;
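Review bot: The relocated `JsonFlowLogJSON` carries along the disabled `#if 0` block that reads `aft->flowlog_ctx`. Since the function is being re-added here anyway, the three lines `#if 0` / `LogJsonFileCtx *flow_ctx = aft->flowlog_ctx;` / `#endif` can be dropped. With them gone, `aft` is not used in the lines shown, but the function continues outside this hunk, so check before touching the parameter.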
#define __OUTPUT_JSON_FLOW_H__
void JsonFlowLogRegister(void);
+#ifdef HAVE_LIBJANSSON
+void JsonAddFlow(Flow *f, json_t *js, json_t *hjs);
+#endif /* HAVE_LIBJANSSON */
#endif /* __OUTPUT_JSON_FLOW_H__ */
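Review bot: The new prototype uses `Flow` and `json_t`, but no include appears between the guard's `#define` and the declarations, so the header compiles only if every includer has already pulled in those types. The alert logger includes it after several other `output-json-*` headers, which probably hides the dependency. Adding `#include <jansson.h>` inside the `HAVE_LIBJANSSON` block, plus a forward declaration or include for `Flow`, would make the header self-contained. The top of the header is outside this hunk, so confirm nothing is included there first.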