Add "united" JSON files output
authorTom DeCanio <decanio.tom@gmail.com>
Wed, 13 Nov 2013 19:17:03 +0000 (11:17 -0800)
committerVictor Julien <victor@inliniac.net>
Wed, 29 Jan 2014 10:07:51 +0000 (11:07 +0100)
src/output-json.c
suricata.yaml.in

index 0444b9366bba9c7c90e8bc1d193ce2cc6e46cdc6..ad2c7524ebc23dbf41cf62bb478f46335fb1ef4c 100644 (file)
@@ -312,7 +312,14 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
 {
     AlertJsonThread *aft = (AlertJsonThread *)data;
     MemBuffer *buffer = (MemBuffer *)aft->buffer;
-    char *js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
+    char *js_s = json_dumps(js,
+                            JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
+#ifdef JSON_ESCAPE_SLASH
+                            JSON_ESCAPE_SLASH
+#else
+                            0
+#endif
+                            );
     if (unlikely(js_s == NULL))
         return TM_ECODE_OK;
 
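Review bot: The `#ifdef JSON_ESCAPE_SLASH` block spliced into the middle of the json_dumps() argument list (L16-L23) is hard to read and leaves the reason for the new flag undocumented. Define the fallback once near the includes — `#ifndef JSON_ESCAPE_SLASH` / `#define JSON_ESCAPE_SLASH 0` / `#endif` — and keep the call site a single line, `char *js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|JSON_ESCAPE_SLASH);`. Next to that fallback, add a comment stating why slashes are escaped (presumably so `/` in logged strings is emitted as `\/`, which matters when the output is consumed by something that treats `</...>` specially — confirm against the jansson version in use) and that on jansson builds lacking the flag the output silently differs. The body of OutputJSON continues past the end of this hunk.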
@@ -719,6 +726,8 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
                 }
                 if (strcmp(output->val, "files") == 0) {
                     SCLogDebug("Enabling files output");
+                    ConfNode *child = ConfNodeLookupChild(output, "files");
+                    json_ctx->files_ctx = OutputFileLogInit(child);
                     outputFlags |= OUTPUT_FILES;
                     continue;
                 }
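Review bot: The value returned by OutputFileLogInit() on L32 is stored without a NULL check, yet `outputFlags |= OUTPUT_FILES` is still set on the next line, so a failed init would leave files_ctx NULL while the flag tells the rest of the module to use it — assuming OutputFileLogInit can return NULL, which its definition outside this hunk would confirm. The same applies if ConfNodeLookupChild() on L31 returns NULL for a bare `- files` list entry, since that NULL is passed straight through. Guard before enabling the flag: `if (json_ctx->files_ctx == NULL) { SCLogDebug("files output init failed"); continue; }`, using an error-level log call instead if the module has one. AlertJsonInitCtx begins and ends outside this hunk.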
index 8172b90dd3685002a9837285450ddfd4d84d5a4c..0349cec415ad960a066c70d5664f6e2fdf8440f6 100644 (file)
@@ -84,7 +84,7 @@ outputs:
 
   # "United" event log in JSON format
   - eve-log:
-      enabled: yes
+      enabled: no
       type: file #file|syslog|unix_dgram|unix_stream
       filename: eve.json
       # the following are valid when type: syslog above
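Review bot: Flipping `enabled: yes` to `enabled: no` on L42 turns the whole eve-log output off by default, which is not mentioned in the commit title or description and is wider than the files-output addition it accompanies. If the intent is to ship the new files output opt-in only, say so in a comment above the key, e.g. `# eve-log is disabled by default; set to yes to enable the JSON outputs listed under types`, so an operator upgrading does not lose logging silently.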
@@ -99,9 +99,9 @@ outputs:
         - dns
         - tls:
             extended: yes     # enable this for extended logging information
-        #- files
-        #  force-magic: no   # force logging magic on all logged files
-        #  force-md5: no     # force logging of md5 checksums
+        - files:
+            force-magic: no   # force logging magic on all logged files
+            force-md5: no     # force logging of md5 checksums
         #- drop
         #- ssh