JsonBuilder *js;
if (tx_id != TX_ID_UNUSED) {
- js = CreateEveHeaderWithTxId(p, LOG_DIR_PACKET,
- ANOMALY_EVENT_TYPE, NULL, tx_id);
- EveAddCommonOptions(&aft->json_output_ctx->eve_ctx->cfg, p, p->flow, js);
+ js = CreateEveHeaderWithTxId(p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL, tx_id,
+ aft->json_output_ctx->eve_ctx);
} else {
js = CreateEveHeader(
p, LOG_DIR_PACKET, ANOMALY_EVENT_TYPE, NULL, aft->json_output_ctx->eve_ctx);
-/* Copyright (C) 2007-2014 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define __OUTPUT_JSON_EMAIL_COMMON_H__
typedef struct OutputJsonEmailCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags; /** Store mode */
uint64_t fields;/** Store fields */
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} OutputJsonEmailCtx;
typedef struct JsonEmailLogThread_ {
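Review bot: The new `OutputJsonCtx *eve_ctx;` member of OutputJsonEmailCtx_ has no comment stating who owns it, although the neighbouring `flags` and `fields` members are documented. The assignment visible later in this commit, `email_ctx->eve_ctx = ojc;`, stores the parent's pointer where the old code copied `file_ctx` and `cfg`, so the sub-logger presumably must not free it and must not outlive the parent eve-log context. I would add `/** parent eve-log context, borrowed: not freed by this logger */` to the member, and the same on `eve_ctx` in LogFTPFileCtx_, LogHttpFileCtx_ and OutputHttp2Ctx_, so that a later DeInit change does not introduce a double free or a dangling pointer.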
-/* Copyright (C) 2017-2020 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "output-json-ftp.h"
typedef struct LogFTPFileCtx_ {
- LogFileCtx *file_ctx;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} LogFTPFileCtx;
typedef struct LogFTPLogThread_ {
LogFTPLogThread *thread = thread_data;
LogFTPFileCtx *ftp_ctx = thread->ftplog_ctx;
- JsonBuilder *jb = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, event_type, NULL, tx_id);
+ JsonBuilder *jb = CreateEveHeaderWithTxId(
+ p, LOG_DIR_FLOW, event_type, NULL, tx_id, thread->ftplog_ctx->eve_ctx);
if (likely(jb)) {
- EveAddCommonOptions(&ftp_ctx->cfg, p, f, jb);
jb_open_object(jb, event_type);
if (f->alproto == ALPROTO_FTPDATA) {
EveFTPDataAddMetadata(f, jb);
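Review bot: The local `ftp_ctx` loses its only visible use once the `EveAddCommonOptions(&ftp_ctx->cfg, p, f, jb);` line is removed, because the new call spells out `thread->ftplog_ctx->eve_ctx` instead of going through it. Either pass `ftp_ctx->eve_ctx` to CreateEveHeaderWithTxId or drop the declaration, as the HTTP2 logger hunk in this commit does with `http2_ctx`. Otherwise builds with unused-variable warnings enabled are likely to flag it. The function continues past the end of the hunk, so confirm `ftp_ctx` is not read further down before deleting it.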
if (unlikely(ftplog_ctx == NULL)) {
return result;
}
- ftplog_ctx->file_ctx = ajt->file_ctx;
- ftplog_ctx->cfg = ajt->cfg;
+ ftplog_ctx->eve_ctx = ajt;
OutputCtx *output_ctx = SCCalloc(1, sizeof(*output_ctx));
if (unlikely(output_ctx == NULL)) {
}
thread->ftplog_ctx = ((OutputCtx *)initdata)->data;
- thread->file_ctx = LogFileEnsureExists(thread->ftplog_ctx->file_ctx, t->id);
+ thread->file_ctx = LogFileEnsureExists(thread->ftplog_ctx->eve_ctx->file_ctx, t->id);
if (!thread->file_ctx) {
goto error_exit;
}
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "util-byte.h"
typedef struct LogHttpFileCtx_ {
- LogFileCtx *file_ctx;
uint32_t flags; /** Store mode */
uint64_t fields;/** Store fields */
HttpXFFCfg *xff_cfg;
HttpXFFCfg *parent_xff_cfg;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} LogHttpFileCtx;
typedef struct JsonHttpLogThread_ {
htp_tx_t *tx = txptr;
JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
- JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "http", NULL, tx_id);
+ JsonBuilder *js = CreateEveHeaderWithTxId(
+ p, LOG_DIR_FLOW, "http", NULL, tx_id, jhl->httplog_ctx->eve_ctx);
if (unlikely(js == NULL))
return TM_ECODE_OK;
- EveAddCommonOptions(&jhl->httplog_ctx->cfg, p, f, js);
SCLogDebug("got a HTTP request and now logging !!");
return result;
}
- http_ctx->file_ctx = ojc->file_ctx;
http_ctx->flags = LOG_HTTP_DEFAULT;
- http_ctx->cfg = ojc->cfg;
+ http_ctx->eve_ctx = ojc;
if (conf) {
const char *extended = ConfNodeLookupChildValue(conf, "extended");
goto error_exit;
}
- aft->file_ctx = LogFileEnsureExists(aft->httplog_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->httplog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
-/* Copyright (C) 2020 Open Information Security Foundation
+/* Copyright (C) 2020-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#define MODULE_NAME "LogHttp2Log"
typedef struct OutputHttp2Ctx_ {
- LogFileCtx *file_ctx;
- OutputJsonCommonSettings cfg;
+ OutputJsonCtx *eve_ctx;
} OutputHttp2Ctx;
Flow *f, void *state, void *txptr, uint64_t tx_id)
{
JsonHttp2LogThread *aft = (JsonHttp2LogThread *)thread_data;
- OutputHttp2Ctx *http2_ctx = aft->http2log_ctx;
if (unlikely(state == NULL)) {
return 0;
}
- JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "http", NULL, tx_id);
+ JsonBuilder *js = CreateEveHeaderWithTxId(
+ p, LOG_DIR_FLOW, "http", NULL, tx_id, aft->http2log_ctx->eve_ctx);
if (unlikely(js == NULL))
return 0;
- EveAddCommonOptions(&http2_ctx->cfg, p, f, js);
-
/* reset */
MemBufferReset(aft->buffer);
/* Use the Output Context (file pointer and mutex) */
aft->http2log_ctx = ((OutputCtx *)initdata)->data;
- aft->file_ctx = LogFileEnsureExists(aft->http2log_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->http2log_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
return TM_ECODE_OK;
}
-static void OutputHttp2LogDeinit(OutputCtx *output_ctx)
-{
- OutputHttp2Ctx *http2_ctx = output_ctx->data;
- LogFileCtx *logfile_ctx = http2_ctx->file_ctx;
- LogFileFreeCtx(logfile_ctx);
- SCFree(http2_ctx);
- SCFree(output_ctx);
-}
-
-#define DEFAULT_LOG_FILENAME "http2.json"
-static OutputInitResult OutputHttp2LogInit(ConfNode *conf)
-{
- OutputInitResult result = { NULL, false };
- LogFileCtx *file_ctx = LogFileNewCtx();
- if(file_ctx == NULL) {
- SCLogError(SC_ERR_HTTP2_LOG_GENERIC, "couldn't create new file_ctx");
- return result;
- }
-
- if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
- LogFileFreeCtx(file_ctx);
- return result;
- }
-
- OutputHttp2Ctx *http2_ctx = SCMalloc(sizeof(OutputHttp2Ctx));
- if (unlikely(http2_ctx == NULL)) {
- LogFileFreeCtx(file_ctx);
- return result;
- }
-
- OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
- if (unlikely(output_ctx == NULL)) {
- LogFileFreeCtx(file_ctx);
- SCFree(http2_ctx);
- return result;
- }
-
- http2_ctx->file_ctx = file_ctx;
-
- output_ctx->data = http2_ctx;
- output_ctx->DeInit = OutputHttp2LogDeinit;
-
- AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP2);
-
- result.ctx = output_ctx;
- result.ok = true;
- return result;
-}
-
static void OutputHttp2LogDeinitSub(OutputCtx *output_ctx)
{
OutputHttp2Ctx *http2_ctx = output_ctx->data;
return result;
}
- http2_ctx->file_ctx = ojc->file_ctx;
- http2_ctx->cfg = ojc->cfg;
+ http2_ctx->eve_ctx = ojc;
output_ctx->data = http2_ctx;
output_ctx->DeInit = OutputHttp2LogDeinitSub;
void JsonHttp2LogRegister (void)
{
- /* register as separate module */
- OutputRegisterTxModuleWithProgress(LOGGER_JSON_HTTP2,
- MODULE_NAME, "http2-json-log",
- OutputHttp2LogInit, ALPROTO_HTTP2, JsonHttp2Logger,
- HTTP2StateClosed, HTTP2StateClosed,
- JsonHttp2LogThreadInit, JsonHttp2LogThreadDeinit, NULL);
-
/* also register as child of eve-log */
OutputRegisterTxSubModuleWithProgress(LOGGER_JSON_HTTP2,
"eve-log", MODULE_NAME, "eve-log.http2",
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
SCEnter();
JsonEmailLogThread *jhl = (JsonEmailLogThread *)thread_data;
- JsonBuilder *jb = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "smtp", NULL, tx_id);
+ JsonBuilder *jb = CreateEveHeaderWithTxId(
+ p, LOG_DIR_FLOW, "smtp", NULL, tx_id, jhl->emaillog_ctx->eve_ctx);
if (unlikely(jb == NULL))
return TM_ECODE_OK;
- EveAddCommonOptions(&jhl->emaillog_ctx->cfg, p, f, jb);
/* reset */
MemBufferReset(jhl->buffer);
return result;
}
- email_ctx->file_ctx = ojc->file_ctx;
- email_ctx->cfg = ojc->cfg;
+ email_ctx->eve_ctx = ojc;
OutputEmailInitConf(conf, email_ctx);
goto error_exit;
}
- aft->file_ctx = LogFileEnsureExists(aft->emaillog_ctx->file_ctx, t->id);
+ aft->file_ctx = LogFileEnsureExists(aft->emaillog_ctx->eve_ctx->file_ctx, t->id);
if (!aft->file_ctx) {
goto error_exit;
}
return 0;
}
- JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id);
+ JsonBuilder *js = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, "ssh", NULL, tx_id, thread->ctx);
if (unlikely(js == NULL))
return 0;
- EveAddCommonOptions(&thread->ctx->cfg, p, f, js);
-
/* reset */
MemBufferReset(thread->buffer);
}
JsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
- const char *event_type, JsonAddrInfo *addr, uint64_t tx_id)
+ const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx)
{
- JsonBuilder *js = CreateEveHeader(p, dir, event_type, addr, NULL);
+ JsonBuilder *js = CreateEveHeader(p, dir, event_type, addr, eve_ctx);
if (unlikely(js == NULL))
return NULL;
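Review bot: CreateEveHeaderWithTxId gains an `eve_ctx` parameter with nothing documenting whether NULL is still an acceptable value. The old body always passed NULL to CreateEveHeader, and the callers changed in this commit reach the new argument through unchecked chains such as `jhl->httplog_ctx->eve_ctx`, so the contract matters to any caller that has no context to hand. I would add a doc comment above the definition with a line like `\param eve_ctx eve-log context whose common options are added to the header; may be NULL`, after confirming that CreateEveHeader really tolerates NULL. The comment should also say that callers no longer call EveAddCommonOptions themselves, which is presumably why those calls are removed elsewhere in the commit. The function body continues beyond the hunk.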
JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir,
const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx);
JsonBuilder *CreateEveHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir,
- const char *event_type, JsonAddrInfo *addr, uint64_t tx_id);
+ const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx);
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
int OutputJsonBuilderBuffer(JsonBuilder *js, LogFileCtx *file_ctx, MemBuffer **buffer);
OutputInitResult OutputJsonInitCtx(ConfNode *);