#include "output-json-ssh.h"
#include "output-json-smtp.h"
#include "output-json-email-common.h"
+#include "output-json-nfs.h"
#include "util-byte.h"
#include "util-privs.h"
#ifdef HAVE_LIBJANSSON
-#define LOG_JSON_PAYLOAD 0x001
-#define LOG_JSON_PACKET 0x002
-#define LOG_JSON_PAYLOAD_BASE64 0x004
-#define LOG_JSON_HTTP 0x008
-#define LOG_JSON_TLS 0x010
-#define LOG_JSON_SSH 0x020
-#define LOG_JSON_SMTP 0x040
-#define LOG_JSON_TAGGED_PACKETS 0x080
-#define LOG_JSON_DNP3 0x100
-#define LOG_JSON_VARS 0x200
+#define LOG_JSON_PAYLOAD BIT_U16(0)
+#define LOG_JSON_PACKET BIT_U16(1)
+#define LOG_JSON_PAYLOAD_BASE64 BIT_U16(2)
+#define LOG_JSON_HTTP BIT_U16(3)
+#define LOG_JSON_TLS BIT_U16(4)
+#define LOG_JSON_SSH BIT_U16(5)
+#define LOG_JSON_SMTP BIT_U16(6)
+#define LOG_JSON_TAGGED_PACKETS BIT_U16(7)
+#define LOG_JSON_DNP3 BIT_U16(8)
+#define LOG_JSON_VARS BIT_U16(9)
+#define LOG_JSON_APP_LAYER BIT_U16(10)
+
+#define LOG_JSON_APP_LAYER_ALL (LOG_JSON_APP_LAYER|LOG_JSON_HTTP|LOG_JSON_TLS|LOG_JSON_SSH|LOG_JSON_SMTP|LOG_JSON_DNP3)
#define JSON_STREAM_BUFFER_SIZE 4096
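Review bot: LOG_JSON_APP_LAYER_ALL at L30 is a hand-maintained list with nothing saying what it represents or that it must be extended when a new per-protocol bit is added, so the next protocol flag will silently be left out of `applayer: yes`. Add a comment above it such as `/* every app-layer logger enabled by the 'applayer' config key; extend this list when adding a per-protocol LOG_JSON_* bit */`. It is also worth noting next to LOG_JSON_APP_LAYER at L28 that this bit alone gates loggers without a flag of their own (NFS in this change), since the name suggests a pure group switch.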
}
}
}
-
+#ifdef HAVE_RUST
+ if ((json_output_ctx->flags & LOG_JSON_APP_LAYER) && p->flow != NULL) {
+ uint16_t alproto = FlowGetAppProtocol(p->flow);
+ if (alproto == ALPROTO_NFS) {
+ hjs = JsonNFSAddMetadataRPC(p->flow, pa->tx_id);
+ if (hjs)
+ json_object_set_new(js, "rpc", hjs);
+ hjs = JsonNFSAddMetadata(p->flow, pa->tx_id);
+ if (hjs)
+ json_object_set_new(js, "nfs", hjs);
+ }
+ }
+#endif
if (json_output_ctx->flags & LOG_JSON_DNP3) {
if (p->flow != NULL) {
uint16_t proto = FlowGetAppProtocol(p->flow);
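Review bot: The NFS block at L37-L47 is gated only on the generic LOG_JSON_APP_LAYER bit, whereas every other protocol in this function has its own flag (LOG_JSON_DNP3 on the very next line), so there is no way to enable NFS on its own or to keep the other app-layer fields while suppressing NFS; a dedicated LOG_JSON_NFS bit included in LOG_JSON_APP_LAYER_ALL would keep the scheme uniform. `pa->tx_id` is also passed unconditionally; for alerts raised by signatures that are not transaction-bound the field presumably still holds a default value, in which case the RPC/NFS metadata of an unrelated transaction could be attached to the alert — confirm how tx_id is set for such alerts and guard or comment accordingly. The include at L4 is unconditional while this use sits under HAVE_RUST, which is fine only if output-json-nfs.h guards its declarations itself. The enclosing function starts and ends outside the hunk.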
const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");
const char *dnp3 = ConfNodeLookupChildValue(conf, "dnp3");
const char *vars = ConfNodeLookupChildValue(conf, "vars");
+ const char *applayer = ConfNodeLookupChildValue(conf, "applayer");
if (vars != NULL) {
if (ConfValIsTrue(vars)) {
json_output_ctx->flags |= LOG_JSON_VARS;
}
}
+ if (applayer != NULL && ConfValIsTrue(applayer)) {
+ json_output_ctx->flags |= LOG_JSON_APP_LAYER_ALL;
+ }
if (ssh != NULL) {
if (ConfValIsTrue(ssh)) {
json_output_ctx->flags |= LOG_JSON_SSH;
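Review bot: Once `applayer: yes` ORs LOG_JSON_APP_LAYER_ALL into the flags at L62, the per-protocol keys can no longer narrow the output: the `ssh` branch at L64-L66 and the `vars` branch above only ever set bits, so `applayer: yes` together with `ssh: no` still logs SSH fields. If the per-protocol keys are meant to remain usable as overrides, handle the explicit negative, e.g. `else if (ssh != NULL && !ConfValIsTrue(ssh)) json_output_ctx->flags &= ~LOG_JSON_SSH;` for each protocol, or state in the config documentation that `applayer` supersedes them. The enclosing function starts outside the hunk.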
# payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
# payload-printable: yes # enable dumping payload in printable (lossy) format
# packet: yes # enable dumping of packet (without stream segments)
- http: yes # enable dumping of http fields
- tls: yes # enable dumping of tls fields
- ssh: yes # enable dumping of ssh fields
- smtp: yes # enable dumping of smtp fields
- dnp3: yes # enable dumping of DNP3 fields
+ applayer: yes # add L7/applayer fields to the alert
vars: yes # enable dumping of flowbits and other vars
# Enable the logging of tagged packets for rules using the