output/krb5: have krb5 properties in alerts

author Philippe Antoine <pantoine@oisf.net>

Thu, 16 Nov 2023 08:55:03 +0000 (09:55 +0100)

committer Philippe Antoine <contact@catenacyber.fr>

Mon, 20 Nov 2023 20:53:13 +0000 (21:53 +0100)
author Philippe Antoine <pantoine@oisf.net>
Thu, 16 Nov 2023 08:55:03 +0000 (09:55 +0100)
committer Philippe Antoine <contact@catenacyber.fr>
Mon, 20 Nov 2023 20:53:13 +0000 (21:53 +0100)
diff --git a/rust/src/krb/log.rs b/rust/src/krb/log.rs

index 7cb952581bc714c311601e5472fa4bea0d201d1c..58c0d64b489308d1938543477134ed1fbdc43ace 100644 (file)
--- a/rust/src/krb/log.rs
+++ b/rust/src/krb/log.rs
@@ -22,6 +22,7 @@ use crate::krb::krb5::{KRB5Transaction,test_weak_encryption};
  
  fn krb5_log_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> Result<(), JsonError>
  {
+    jsb.open_object("krb5")?;
      match tx.error_code {
          Some(c) => {
              jsb.set_string("msg_type", &format!("{:?}", tx.msg_type))?;
@@ -63,12 +64,13 @@ fn krb5_log_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> Result<
          jsb.set_string("ticket_encryption", &refs)?;
          jsb.set_bool("ticket_weak_encryption", test_weak_encryption(x))?;
      }
+    jsb.close()?;
  
      return Ok(());
  }
  
  #[no_mangle]
-pub extern "C" fn rs_krb5_log_json_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> bool
+pub extern "C" fn rs_krb5_log_json_response(tx: &mut KRB5Transaction, jsb: &mut JsonBuilder) -> bool
  {
      krb5_log_response(jsb, tx).is_ok()
  }
diff --git a/src/output-json-krb5.c b/src/output-json-krb5.c

index 5e6fbad5ecd12214362cc15fe6722644b7b29fad..9fc45c5d3c538b92cc47756fd120fd6661a40808 100644 (file)
--- a/src/output-json-krb5.c
+++ b/src/output-json-krb5.c
@@ -59,11 +59,9 @@ static int JsonKRB5Logger(ThreadVars *tv, void *thread_data,
          return TM_ECODE_FAILED;
      }
  
-    jb_open_object(jb, "krb5");
-    if (!rs_krb5_log_json_response(jb, krb5tx)) {
+    if (!rs_krb5_log_json_response(krb5tx, jb)) {
          goto error;
      }
-    jb_close(jb);
  
      OutputJsonBuilderBuffer(jb, thread);
  
diff --git a/src/output.c b/src/output.c

index 5aa341d2cbd473478b6d8efdd39965a79f55762e..149dda58c2847c54805837e7cb1a711e189c5e96 100644 (file)
--- a/src/output.c
+++ b/src/output.c
@@ -1149,8 +1149,8 @@ static EveJsonSimpleAppLayerLogger simple_json_applayer_loggers[ALPROTO_MAX] = {
      { ALPROTO_NTP, NULL }, // no logging
      { ALPROTO_FTPDATA, EveFTPDataAddMetadata },
      { ALPROTO_TFTP, (EveJsonSimpleTxLogFunc)rs_tftp_log_json_request },
-    { ALPROTO_IKE, NULL },  // special: uses state
-    { ALPROTO_KRB5, NULL }, // TODO missing
+    { ALPROTO_IKE, NULL }, // special: uses state
+    { ALPROTO_KRB5, (EveJsonSimpleTxLogFunc)rs_krb5_log_json_response },
      { ALPROTO_QUIC, rs_quic_to_json },
      { ALPROTO_DHCP, NULL }, // TODO missing
      { ALPROTO_SNMP, (EveJsonSimpleTxLogFunc)rs_snmp_log_json_response },
author	Philippe Antoine <pantoine@oisf.net>
	Thu, 16 Nov 2023 08:55:03 +0000 (09:55 +0100)
committer	Philippe Antoine <contact@catenacyber.fr>
	Mon, 20 Nov 2023 20:53:13 +0000 (21:53 +0100)
rust/src/krb/log.rs		patch \| blob \| blame \| history
src/output-json-krb5.c		patch \| blob \| blame \| history
src/output.c		patch \| blob \| blame \| history