From: Philippe Antoine
Date: Fri, 4 Nov 2022 08:52:07 +0000 (+0100)
Subject: eve: add common options to loggers missing it
X-Git-Tag: suricata-6.0.10~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1be913d49cdaf2dee0bd8e5badf2eb7aa1884693;p=thirdparty%2Fsuricata.git
eve: add common options to loggers missing it
So that we get community id for RFB for instance
Ticket: #5723
---
diff --git a/src/output-filestore.c b/src/output-filestore.c
index 3d1720283f..0a7547c87c 100644
--- a/src/output-filestore.c
+++ b/src/output-filestore.c
@@ -170,8 +170,8 @@ static void OutputFilestoreFinalizeFiles(ThreadVars *tv,
 WARN_ONCE(SC_ERR_SPRINTF,
 "Failed to write file info record. Output filename truncated.");
 } else {
- JsonBuilder *js_fileinfo = JsonBuildFileInfoRecord(p, ff, true, dir,
- ctx->xff_cfg);
+ JsonBuilder *js_fileinfo =
+ JsonBuildFileInfoRecord(p, ff, true, dir, ctx->xff_cfg, NULL);
 if (likely(js_fileinfo != NULL)) {
 jb_close(js_fileinfo);
 FILE *out = fopen(js_metadata_filename, "w");
diff --git a/src/output-json-dcerpc.c b/src/output-json-dcerpc.c
index 0bd56a548f..c8905599df 100644
--- a/src/output-json-dcerpc.c
+++ b/src/output-json-dcerpc.c
@@ -50,6 +50,7 @@ static int JsonDCERPCLogger(ThreadVars *tv, void *thread_data,
 if (unlikely(jb == NULL)) {
 return TM_ECODE_FAILED;
 }
+ EveAddCommonOptions(&thread->ctx->cfg, p, f, jb);
 jb_open_object(jb, "dcerpc");
 if (p->proto == IPPROTO_TCP) {
diff --git a/src/output-json-file.c b/src/output-json-file.c
index 5771b1bb69..b86f1ba118 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -74,6 +74,7 @@ typedef struct OutputFileCtx_ {
 uint32_t file_cnt;
 HttpXFFCfg *xff_cfg;
 HttpXFFCfg *parent_xff_cfg;
+ OutputJsonCommonSettings cfg;
 } OutputFileCtx;
 typedef struct JsonFileLogThread_ {
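Review bot: The filestore call site in OutputFilestoreFinalizeFiles now passes `NULL` as the new last argument, so the file-info record written next to a stored file still carries no common options, while the eve loggers changed in this commit gain them. An analyst correlating a stored file with its flow events by community id will not find the field in that record. If the filestore context has no OutputJsonCommonSettings to pass (none is visible in this hunk), a comment at the call such as `/* no eve common settings in the filestore ctx: community id is not added to this record */` would make the gap deliberate rather than accidental. The enclosing function starts and ends outside the hunk.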
@@ -82,8 +83,8 @@ typedef struct JsonFileLogThread_ {
 MemBuffer *buffer;
 } JsonFileLogThread;
-JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
- const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg)
+JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff, const bool stored,
+ uint8_t dir, HttpXFFCfg *xff_cfg, OutputJsonCommonSettings *cfg)
 {
 enum OutputJsonLogDirection fdir = LOG_DIR_FLOW;
@@ -122,6 +123,9 @@ JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
 JsonBuilder *js = CreateEveHeader(p, fdir, "fileinfo", &addr);
 if (unlikely(js == NULL))
 return NULL;
+ if (cfg != NULL) {
+ EveAddCommonOptions(cfg, p, p->flow, js);
+ }
 JsonBuilderMark mark = { 0, 0, 0 };
 switch (p->flow->alproto) {
@@ -207,8 +211,8 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p,
 {
 HttpXFFCfg *xff_cfg = aft->filelog_ctx->xff_cfg != NULL ? aft->filelog_ctx->xff_cfg : aft->filelog_ctx->parent_xff_cfg;;
- JsonBuilder *js = JsonBuildFileInfoRecord(p, ff,
- ff->flags & FILE_STORED ? true : false, dir, xff_cfg);
+ JsonBuilder *js = JsonBuildFileInfoRecord(
+ p, ff, ff->flags & FILE_STORED ? true : false, dir, xff_cfg, &aft->filelog_ctx->cfg);
 if (unlikely(js == NULL)) {
 return;
 }
@@ -313,6 +317,7 @@ static OutputInitResult OutputFileLogInitSub(ConfNode *conf, OutputCtx *parent_c
 }
 output_file_ctx->file_ctx = ojc->file_ctx;
+ output_file_ctx->cfg = ojc->cfg;
 if (conf) {
 const char *force_filestore = ConfNodeLookupChildValue(conf, "force-filestore");
diff --git a/src/output-json-file.h b/src/output-json-file.h
index 0d10aaea40..0abfbd56db 100644
--- a/src/output-json-file.h
+++ b/src/output-json-file.h
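Review bot: The new `cfg` parameter of JsonBuildFileInfoRecord is optional, since the @@ -122 hunk guards it with `if (cfg != NULL)` and output-filestore.c passes `NULL`, but neither the definition here nor the prototype in output-json-file.h documents that. A comment above the definition such as `/* cfg: eve common settings to apply, or NULL to skip the common options */` would state the contract. The parameter looks read-only in the visible code, so `const OutputJsonCommonSettings *cfg` would be the tighter signature, provided EveAddCommonOptions takes a const pointer (its prototype is not on this page). The function body runs past both hunks.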
@@ -25,9 +25,10 @@
 #define __OUTPUT_JSON_FILE_H__
 #include "app-layer-htp-xff.h"
+#include "output-json.h"
 void JsonFileLogRegister(void);
-JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff,
- const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg);
+JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff, const bool stored,
+ uint8_t dir, HttpXFFCfg *xff_cfg, OutputJsonCommonSettings *cfg);
 #endif /* __OUTPUT_JSON_FILE_H__ */
diff --git a/src/output-json-mqtt.c b/src/output-json-mqtt.c
index 811024960f..6880704fb6 100644
--- a/src/output-json-mqtt.c
+++ b/src/output-json-mqtt.c
@@ -52,6 +52,7 @@
 typedef struct LogMQTTFileCtx_ {
 LogFileCtx *file_ctx;
 uint32_t flags;
+ OutputJsonCommonSettings cfg;
 } LogMQTTFileCtx;
 typedef struct LogMQTTLogThread_ {
@@ -90,6 +91,7 @@ static int JsonMQTTLogger(ThreadVars *tv, void *thread_data,
 if (unlikely(js == NULL)) {
 return TM_ECODE_FAILED;
 }
+ EveAddCommonOptions(&thread->mqttlog_ctx->cfg, p, f, js);
 if (!rs_mqtt_logger_log(state, tx, thread->mqttlog_ctx->flags, js))
 goto error;
@@ -137,6 +139,7 @@ static OutputInitResult OutputMQTTLogInitSub(ConfNode *conf,
 return result;
 }
 mqttlog_ctx->file_ctx = ajt->file_ctx;
+ mqttlog_ctx->cfg = ajt->cfg;
 OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
 if (unlikely(output_ctx == NULL)) {
diff --git a/src/output-json-rfb.c b/src/output-json-rfb.c
index dc117c28f4..1dadb7bfa0 100644
--- a/src/output-json-rfb.c
+++ b/src/output-json-rfb.c
@@ -49,6 +49,7 @@
 typedef struct LogRFBFileCtx_ {
 LogFileCtx *file_ctx;
 uint32_t flags;
+ OutputJsonCommonSettings cfg;
 } LogRFBFileCtx;
 typedef struct LogRFBLogThread_ {
@@ -80,6 +81,8 @@ static int JsonRFBLogger(ThreadVars *tv, void *thread_data,
 return TM_ECODE_FAILED;
 }
+ EveAddCommonOptions(&thread->rfblog_ctx->cfg, p, f, js);
+
 if (!rs_rfb_logger_log(NULL, tx, js)) {
 goto error;
 }
@@ -113,6 +116,7 @@ static OutputInitResult OutputRFBLogInitSub(ConfNode *conf,
 return result;
 }
 rfblog_ctx->file_ctx = ajt->file_ctx;
+ rfblog_ctx->cfg = ajt->cfg;
 OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
 if (unlikely(output_ctx == NULL)) {