json file: separate http params 810/head
authorEric Leblond <eric@regit.org>
Fri, 31 Jan 2014 11:05:48 +0000 (12:05 +0100)
committerEric Leblond <eric@regit.org>
Fri, 31 Jan 2014 11:05:48 +0000 (12:05 +0100)
This patch separates http keys from file to have a different value
list:

{
 "time":"01\/31\/2014-12:04:52.837245","event_type":"file","src_ip":"5.3.1.1","src_port":80,"dest_ip":"1.8.1.9","dest_port":9539,"proto":"TCP",
 "http":{"url":"/foo/","hostname":"bar.com","http_refer":"http:\/\/bar.org","http_user_agent":"Mozilla\/5.0"},
 "file":{"filename":"bar","magic":"unknown","state":"CLOSED","stored":false,"size":21}
}

One benefit of this modification is that it is possible to use the
same keys as the ones used in http events. Thus correlating both types
of events is trivial. On the code side, this will make it possible to
factorize the code by simply asking the underlying protocol to output
its info in a json object.

Second interest is that adding file extraction for a new protocol
will result in only changing the protocol specific json list.

src/output-json-file.c

index e7ff40bcf59f5994060cb13b2f2a0860592b70ed..d86f2cbd3e765b2b77f9720fc3dc6bb4f0e24e94 100644 (file)
@@ -171,16 +171,25 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
     /* reset */
     MemBufferReset(buffer);
 
+    json_t *hjs = json_object();
+    if (unlikely(hjs == NULL)) {
+        json_decref(js);
+        return;
+    }
+
+    json_object_set_new(hjs, "url", LogFileMetaGetUri(p, ff));
+    json_object_set_new(hjs, "hostname", LogFileMetaGetHost(p, ff));
+    json_object_set_new(hjs, "http_refer", LogFileMetaGetReferer(p, ff));
+    json_object_set_new(hjs, "http_user_agent", LogFileMetaGetUserAgent(p, ff));
+    json_object_set_new(js, "http", hjs);
+
     json_t *fjs = json_object();
     if (unlikely(fjs == NULL)) {
+        json_decref(hjs);
         json_decref(js);
         return;
     }
 
-    json_object_set_new(fjs, "http_uri", LogFileMetaGetUri(p, ff));
-    json_object_set_new(fjs, "http_host", LogFileMetaGetHost(p, ff));
-    json_object_set_new(fjs, "http_referer", LogFileMetaGetReferer(p, ff));
-    json_object_set_new(fjs, "http_user_agent", LogFileMetaGetUserAgent(p, ff));
     char *s = SCStrndup((char *)ff->name, ff->name_len);
     json_object_set_new(fjs, "filename", json_string(s));
     if (s != NULL)
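Review bot: The `json_decref(hjs);` added in the `fjs == NULL` branch releases a reference this function no longer owns. `json_object_set_new(js, "http", hjs)` a few lines earlier has already handed hjs over to js, since jansson's `_set_new` variants steal the reference (and drop it themselves if the set fails). The `json_decref(js);` that follows then releases hjs a second time through the parent object, so an allocation failure for fjs becomes a double free / use-after-free in the file logging path. Remove the added line and keep only `json_decref(js);` in that branch. FileWriteJsonRecord starts before this hunk and continues past it.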
@@ -224,6 +233,7 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
     json_object_set_new(js, "file", fjs);
     OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, buffer);
     json_object_del(js, "file");
+    json_object_del(js, "http");
 
     json_object_clear(js);
     json_decref(js);