From: Michael Tremer Date: Mon, 26 Jan 2026 18:24:15 +0000 (+0000) Subject: reporter: Add more details about DNS/HTTP/TLS/QUIC to the emails X-Git-Tag: 0.6~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c59aa9e03daee1d452c7cbf31e0a4ae23c03f2fe;p=suricata-reporter.git reporter: Add more details about DNS/HTTP/TLS/QUIC to the emails Signed-off-by: Michael Tremer
---
diff --git a/src/suricata-reporter.in b/src/suricata-reporter.in
index f4b529b..f28883b 100644
--- a/src/suricata-reporter.in
+++ b/src/suricata-reporter.in
@@ -505,7 +505,7 @@ class Worker(threading.Thread):
 ]
 # Add all information from the event
- content += (" %-20s : %s" % (key, value) for key, value in event.dump())
+ content += (" %-20s : %s" % (key, value or _("N/A")) for key, value in event.dump())
 # Newline
 content.append("")
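Review bot: `value or _("N/A")` on the changed generator line replaces every falsy value, not only a missing one, so a legitimate `0` or empty string yielded by `event.dump()` would be reported as N/A; `value if value is not None else _("N/A")` keeps those. This line is also where the traffic-derived strings added to `Event.dump()` in the second hunk (URL, User-Agent, SNI, query names) enter the email body. Nothing visible here strips line breaks or control characters from them, so a crafted value could presumably add misleading lines to the report unless that is handled elsewhere. The enclosing `Worker` method starts and ends outside the hunk.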
@@ -711,6 +711,74 @@ class Event(object):
 # Add the protocol
 yield _("Protocol"), self.protocol,
+ # DNS
+ if self.app_protocol == "dns":
+ dns = self.data.get("dns")
+
+ # Protocol
+ yield _("Application Protocol"), _("DNS")
+
+ # Log the queries
+ for query in dns.get("queries", []):
+ yield _("Query"), "%s (%s)" % (query.get("rrname"), query.get("rrtype"))
+
+ # HTTP
+ elif self.app_protocol == "http":
+ http = self.data.get("http")
+
+ # Protocol
+ yield _("Application Protocol"), _("HTTP")
+
+ # HTTP Protocol version
+ yield _("Protocol Version"), http.get("protocol")
+
+ # Add the hostname
+ yield _("Hostname"), http.get("hostname")
+
+ # Add the method
+ yield _("Method"), http.get("http_method")
+
+ # Add the URL
+ yield _("URL"), http.get("url")
+
+ yield _("User-Agent"), http.get("http_user_agent")
+
+ # TLS
+ elif self.app_protocol == "tls":
+ tls = self.data.get("tls")
+
+ # Protocol
+ yield _("Application Protocol"), _("TLS")
+
+ # Add the version
+ yield _("TLS Version"), tls.get("version")
+
+ # Add the SNI
+ yield _("TLS SNI"), tls.get("sni")
+
+ # Add client ALPNs
+ yield _("TLS Client ALPNs"), ", ".join(
+ tls.get("client_alpns", []),
+ )
+
+ # QUIC
+ elif self.app_protocol == "quic":
+ quic = self.data.get("quic")
+
+ # Protocol
+ yield _("Application Protocol"), _("QUIC")
+
+ # Extensions
+ for ext in quic.get("extensions", []):
+ name = ext.get("name")
+
+ # Log the server name
+ if name == "server_name":
+ values = ext.get("values", [])
+
+ for value in values:
+ yield _("Server Name"), value
+
 def translate_severity(self, severity):
 """
 Translates the severity into a human-readable string
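Review bot: Each branch binds its protocol object with a bare `self.data.get("dns")` (likewise `"http"`, `"tls"` and `"quic"`) and then calls `.get()` on it, so an event that names the application protocol but lacks the matching object raises AttributeError in the middle of the generator. Suricata alert records can, as far as I know, carry the app protocol without that metadata block, in which case one such event would break the report instead of producing a shorter one. Writing `dns = self.data.get("dns") or {}`, and the same for the other three, lets the branches fall through to the N/A rows. The method these lines belong to starts above the hunk.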