alert/eve: add snmp metadata for snmp alerts

author Jason Ish <jason.ish@oisf.net>

Tue, 4 Aug 2020 21:35:07 +0000 (15:35 -0600)

committer Victor Julien <victor@inliniac.net>

Wed, 5 Aug 2020 11:50:53 +0000 (13:50 +0200)
author Jason Ish <jason.ish@oisf.net>
Tue, 4 Aug 2020 21:35:07 +0000 (15:35 -0600)
committer Victor Julien <victor@inliniac.net>
Wed, 5 Aug 2020 11:50:53 +0000 (13:50 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index f78313151cc4b4d00c56bb600b234c68909603c9..ca8e3ba63554e731cadb06add12ee57d118199c8 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -219,6 +219,20 @@ static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
      return;
  }
  
+static void AlertJsonSNMP(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
+{
+    void *snmp_state = (void *)FlowGetAppState(f);
+    if (snmp_state != NULL) {
+        void *tx = AppLayerParserGetTx(f->proto, ALPROTO_SNMP, snmp_state,
+                tx_id);
+        if (tx != NULL) {
+            jb_open_object(js, "snmp");
+            rs_snmp_log_json_response(js, snmp_state, tx);
+            jb_close(js);
+        }
+    }
+}
+
  static void AlertJsonSourceTarget(const Packet *p, const PacketAlert *pa,
                                    JsonBuilder *js, JsonAddrInfo *addr)
  {
@@ -483,6 +497,9 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
                  jb_restore_mark(jb, &mark);
              }
              break;
+        case ALPROTO_SNMP:
+            AlertJsonSNMP(p->flow, tx_id, jb);
+            break;
          default:
              break;
      }
author	Jason Ish <jason.ish@oisf.net>
	Tue, 4 Aug 2020 21:35:07 +0000 (15:35 -0600)
committer	Victor Julien <victor@inliniac.net>
	Wed, 5 Aug 2020 11:50:53 +0000 (13:50 +0200)