} else {
snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IPV4_GET_IPPROTO(p));
}
-#if 1
+
json_t *js = json_object();
if (js == NULL)
- return;
+ return TM_ECODE_OK;
json_t *ajs = json_object();
if (ajs == NULL) {
free(js);
- return;
+ return TM_ECODE_OK;
}
/* time & tx */
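Review bot: On the `ajs == NULL` path the half-built object is released with `free(js);`, but `js` came from `json_object()` and should be dropped with `json_decref(js);` so that jansson releases its internal storage through its own allocator. The same line appears in the two later copies of this block on the page. Both early returns now report `TM_ECODE_OK`, so an allocation failure drops the alert without any trace; a `SCLogDebug` call or a counter before the return would make lost alerts visible. The enclosing function starts and ends outside the hunk.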
json_object_set_new(js, "sp", json_integer(p->sp));
json_object_set_new(js, "dstip", json_string(dstip));
json_object_set_new(js, "dp", json_integer(p->dp));
- json_object_set_new(js, "proto", json_integer(proto));
+ json_object_set_new(js, "proto", json_string(proto));
json_object_set_new(ajs, "action", json_string(action));
json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
/* alert */
json_object_set_new(js, "alert", ajs);
-#else
- json_error_t error;
- js = json_pack_ex(
- &error, 0,
- "{"
- "ss"
- "ss"
- "si"
- "si"
- "si"
- "ss"
- "ss"
- "si"
- "ss"
- "ss"
- "si"
- "ss"
- "si}",
- "time", timebuf,
- "action", action,
- "gid", pa->s->gid,
- "id", pa->s->id,
- "rev", pa->s->rev,
- "msg", (pa->s->msg) ? pa->s->msg : "",
- "class", (pa->s->class_msg) ? pa->s->class_msg : "",
- "pri", pa->s->prio,
- "proto", proto,
- "srcip", srcip,
- "sp", p->sp,
- "dstip", dstip,
- "dp", p->dp
- );
-
- if (js == NULL) {
- SCLogInfo("json_pack error %s", error.text);
- return TM_ECODE_OK;
- }
-#endif
+
SCMutexLock(&aft->file_ctx->fp_mutex);
if (json_out == ALERT_FILE) {
-#if 1
char *s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
MemBufferWriteString(aft->buffer, "%s", s);
MemBufferWriteString(aft->buffer, "\n");
free(s);
(void)MemBufferPrintToFPAsString(aft->buffer, aft->file_ctx->fp);
fflush(aft->file_ctx->fp);
-#else
- json_dumpf(js, aft->file_ctx->fp,
- ((format == INDENT) ? JSON_INDENT(2) : 0) |
- JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
- if (format == INDENT) {
- fputs("\n", aft->file_ctx->fp);
- }
-#endif
} else {
char *js_s;
js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
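Review bot: `json_dumps()` returns NULL on failure, and the result `s` is passed straight to `MemBufferWriteString(aft->buffer, "%s", s)`. The write and `free(s)` should sit inside `if (s != NULL) { ... }`, and `js_s` in the else branch needs the same check (its use is outside the hunk). The two later copies of this block share the pattern. Nothing visible here releases `js` after serialising or unlocks `fp_mutex`; presumably that happens past the end of the hunk, which is worth confirming since this path runs for every alert.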
} else {
snprintf(proto, sizeof(proto), "PROTO:%03" PRIu32, IP_GET_IPPROTO(p));
}
-#if 1
+
json_t *js = json_object();
if (js == NULL)
- return;
+ return TM_ECODE_OK;
json_t *ajs = json_object();
if (ajs == NULL) {
free(js);
- return;
+ return TM_ECODE_OK;
}
/* time & tx */
json_object_set_new(js, "sp", json_integer(p->sp));
json_object_set_new(js, "dstip", json_string(dstip));
json_object_set_new(js, "dp", json_integer(p->dp));
- json_object_set_new(js, "proto", json_integer(proto));
+ json_object_set_new(js, "proto", json_string(proto));
json_object_set_new(ajs, "action", json_string(action));
json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
/* alert */
json_object_set_new(js, "alert", ajs);
-#else
- json_error_t error;
- js = json_pack_ex(
- &error, 0,
- "{"
- "ss"
- "ss"
- "si"
- "si"
- "si"
- "ss"
- "ss"
- "si"
- "ss"
- "ss"
- "si"
- "ss"
- "si}",
- "time", timebuf,
- "action", action,
- "gid", pa->s->gid,
- "id", pa->s->id,
- "rev", pa->s->rev,
- "msg", (pa->s->msg) ? pa->s->msg : "",
- "class", (pa->s->class_msg) ? pa->s->class_msg : "",
- "pri", pa->s->prio,
- "proto", proto,
- "srcip", srcip,
- "sp", p->sp,
- "dstip", dstip,
- "dp", p->dp
- );
-
- if (js == NULL) {
- SCLogInfo("json_pack error %s", error.text);
- return TM_ECODE_OK;
- }
-#endif
+
SCMutexLock(&aft->file_ctx->fp_mutex);
if (json_out == ALERT_FILE) {
-#if 1
char *s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
MemBufferWriteString(aft->buffer, "%s", s);
MemBufferWriteString(aft->buffer, "\n");
free(s);
(void)MemBufferPrintToFPAsString(aft->buffer, aft->file_ctx->fp);
fflush(aft->file_ctx->fp);
-#else
- json_dumpf(js, aft->file_ctx->fp,
- ((format == INDENT) ? JSON_INDENT(2) : 0) |
- JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
- if (format == INDENT) {
- fputs("\n", aft->file_ctx->fp);
- }
-#endif
} else {
char *js_s;
js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
char buf[(32 * 3) + 1];
PrintRawLineHexBuf(buf, sizeof(buf), GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);
-#if 1
json_t *js = json_object();
if (js == NULL)
- return;
+ return TM_ECODE_OK;
json_t *ajs = json_object();
if (ajs == NULL) {
free(js);
- return;
+ return TM_ECODE_OK;
}
/* time & tx */
/* alert */
json_object_set_new(js, "alert", ajs);
-#else
- json_error_t error;
- js = json_pack_ex(
- &error, 0,
- "{"
- "ss"
- "ss"
- "si"
- "si"
- "si"
- "ss"
- "ss"
- "si"
- "ss}",
- "time", timebuf,
- "action", action,
- "gid", pa->s->gid,
- "id", pa->s->id,
- "rev", pa->s->rev,
- "msg", (pa->s->msg) ? pa->s->msg : "",
- "class", (pa->s->class_msg) ? pa->s->class_msg : "",
- "pri", pa->s->prio,
- "pkt", buf
- );
-
- if (js == NULL) {
- SCLogInfo("json_pack error %s", error.text);
- return TM_ECODE_OK;
- }
-#endif
SCMutexLock(&aft->file_ctx->fp_mutex);
if (json_out == ALERT_FILE) {
-#if 1
char *s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
MemBufferWriteString(aft->buffer, "%s", s);
MemBufferWriteString(aft->buffer, "\n");
free(s);
(void)MemBufferPrintToFPAsString(aft->buffer, aft->file_ctx->fp);
fflush(aft->file_ctx->fp);
-#else
- json_dumpf(js, aft->file_ctx->fp,
- ((format == INDENT) ? JSON_INDENT(2) : 0) |
- JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
- //if (format == INDENT) {
- fputs("\n", aft->file_ctx->fp);
- //}
-#endif
} else {
char *js_s;
js_s = json_dumps(js, JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII);
#include "app-layer.h"
#include "util-privs.h"
#include "util-buffer.h"
-
+#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
}
}
-static void LogQuery(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dstip, Port sp, Port dp, DNSTransaction *tx, DNSQueryEntry *entry) {
+static void LogQuery(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dstip, Port sp, Port dp, char *proto, DNSTransaction *tx, DNSQueryEntry *entry) {
LogDnsFileCtx *hlog = aft->dnslog_ctx;
SCLogDebug("got a DNS request and now logging !!");
json_object_set_new(js, "sp", json_integer(sp));
json_object_set_new(js, "dstip", json_string(dstip));
json_object_set_new(js, "dp", json_integer(dp));
+ json_object_set_new(js, "proto", json_string(proto));
/* type */
json_object_set_new(djs, "type", json_string("query"));
json_array_append_new(djs, js);
}
-static void LogAnswers(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dstip, Port sp, Port dp, DNSTransaction *tx) {
+static void LogAnswers(LogDnsLogThread *aft, char *timebuf, char *srcip, char *dstip, Port sp, Port dp, char *proto, DNSTransaction *tx) {
LogDnsFileCtx *hlog = aft->dnslog_ctx;
SCLogDebug("got a DNS response and now logging !!");
json_object_set_new(js, "sp", json_integer(sp));
json_object_set_new(js, "dstip", json_string(dstip));
json_object_set_new(js, "dp", json_integer(dp));
+ json_object_set_new(js, "proto", json_string(proto));
#if 1
if (tx->no_such_name) {
sp = p->dp;
dp = p->sp;
}
+ char proto_s[16];
+ if (SCProtoNameValid(IPV4_GET_IPPROTO(p)) == TRUE) {
+ strlcpy(proto_s, known_proto[IPV4_GET_IPPROTO(p)], sizeof(proto_s));
+ } else {
+ snprintf(proto_s, sizeof(proto), "PROTO:%03" PRIu32, IPV4_GET_IPPROTO(p));
+ }
+
#if QUERY
if (PKT_IS_TOSERVER(p)) {
DNSTransaction *tx = NULL;
TAILQ_FOREACH(tx, &dns_state->tx_list, next) {
DNSQueryEntry *entry = NULL;
TAILQ_FOREACH(entry, &tx->query_list, next) {
- LogQuery(aft, timebuf, srcip, dstip, sp, dp, tx, entry);
+ LogQuery(aft, timebuf, srcip, dstip, sp, dp, tx, proto_s, entry);
}
}
} else
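Review bot: The call inside `#if QUERY` passes `tx, proto_s, entry`, but the new `LogQuery` signature takes `char *proto` before `DNSTransaction *tx`, so `json_string(proto)` would serialise the transaction pointer as if it were a string. It should read `LogQuery(aft, timebuf, srcip, dstip, sp, dp, proto_s, tx, entry);`, as the other call site does. In the fallback branch, `snprintf(proto_s, sizeof(proto), ...)` sizes the write by a different identifier than the destination; use `sizeof(proto_s)` (the HTTP logger hunk has the same line). The enclosing function is only partly visible.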
DNSQueryEntry *query = NULL;
TAILQ_FOREACH(query, &tx->query_list, next) {
- LogQuery(aft, timebuf, dstip, srcip, dp, sp, tx, query);
+ LogQuery(aft, timebuf, dstip, srcip, dp, sp, proto_s, tx, query);
}
#if 1
- LogAnswers(aft, timebuf, srcip, dstip, sp, dp, tx);
+ LogAnswers(aft, timebuf, srcip, dstip, sp, dp, proto_s, tx);
#else
if (tx->no_such_name) {
LogAnswer(aft, timebuf, srcip, dstip, sp, dp, tx, NULL);
#include "app-layer.h"
#include "util-privs.h"
#include "util-buffer.h"
-
+#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
#ifdef HAVE_LIBJANSSON
/* JSON format logging */
static void LogHttpLogJSON(LogHttpLogThread *aft, htp_tx_t *tx, char * timebuf,
- char *srcip, Port sp, char *dstip, Port dp)
+ char *srcip, Port sp, char *dstip, Port dp,
+ char *proto)
{
LogHttpFileCtx *hlog = aft->httplog_ctx;
json_t *js = json_object();
json_object_set_new(js, "sp", json_integer(sp));
json_object_set_new(js, "dstip", json_string(dstip));
json_object_set_new(js, "dp", json_integer(dp));
+ json_object_set_new(js, "proto", json_string(proto));
char *c;
if (tx->request_hostname != NULL)
{
json_object_set_new(hjs, "hostname",
- json_string(c = strndup(bstr_ptr(tx->request_hostname),
+ json_string(c = strndup((char *)bstr_ptr(tx->request_hostname),
bstr_len(tx->request_hostname))));
if (c) free(c);
} else {
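Review bot: `json_string()` accepts only valid UTF-8 and returns NULL otherwise, and `strndup()` stops at the first NUL byte, so a hostname, URI or header carrying such bytes is logged truncated or not at all, and the return value of `json_object_set_new()` is ignored. These values come from the wire, so the logger should check the result and fall back to an escaped or hex rendering that still shows the field was present. This applies to every `strndup((char *)bstr_ptr(...), ...)` site touched by the cast change in this function. A short comment such as `/* header bytes are untrusted: may contain NUL or invalid UTF-8 */` above the first use would record the assumption.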
if (tx->request_uri != NULL)
{
json_object_set_new(hjs, "uri",
- json_string(c = strndup(bstr_ptr(tx->request_uri),
+ json_string(c = strndup((char *)bstr_ptr(tx->request_uri),
bstr_len(tx->request_uri))));
if (c) free(c);
}
}
if (h_user_agent != NULL) {
json_object_set_new(hjs, "user-agent",
- json_string(c = strndup(bstr_ptr(h_user_agent->value),
+ json_string(c = strndup((char *)bstr_ptr(h_user_agent->value),
bstr_len(h_user_agent->value))));
if (c) free(c);
} else {
}
if (h_x_forwarded_for != NULL) {
json_object_set_new(hjs, "xff",
- json_string(c = strndup(bstr_ptr(h_x_forwarded_for->value),
+ json_string(c = strndup((char *)bstr_ptr(h_x_forwarded_for->value),
bstr_len(h_x_forwarded_for->value))));
if (c) free(c);
}
}
if (h_content_type != NULL) {
char *p;
- c = strndup(bstr_ptr(h_content_type->value),
+ c = strndup((char *)bstr_ptr(h_content_type->value),
bstr_len(h_content_type->value));
p = strchrnul(c, ';');
*p = '\0';
}
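Review bot: `c` is passed to `strchrnul(c, ';')` and written through `*p = '\0'` without checking the `strndup()` result, whereas the other fields at least test `if (c)` before freeing. An allocation failure here is a NULL dereference in the logging thread. Wrap the two lines in `if (c != NULL) { ... }`. What is done with `c` afterwards is outside the hunk.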
if (h_referer != NULL) {
json_object_set_new(hjs, "referer",
- json_string(c = strndup(bstr_ptr(h_referer->value),
+ json_string(c = strndup((char *)bstr_ptr(h_referer->value),
bstr_len(h_referer->value))));
if (c) free(c);
}
/* method */
if (tx->request_method != NULL) {
json_object_set_new(hjs, "method",
- json_string(c = strndup(bstr_ptr(tx->request_method),
+ json_string(c = strndup((char *)bstr_ptr(tx->request_method),
bstr_len(tx->request_method))));
if (c) free(c);
}
/* protocol */
if (tx->request_protocol != NULL) {
json_object_set_new(hjs, "protocol",
- json_string(c = strndup(bstr_ptr(tx->request_protocol),
+ json_string(c = strndup((char *)bstr_ptr(tx->request_protocol),
bstr_len(tx->request_protocol))));
if (c) free(c);
}
/* response status */
if (tx->response_status != NULL) {
json_object_set_new(hjs, "status",
- json_string(c = strndup(bstr_ptr(tx->response_status),
+ json_string(c = strndup((char *)bstr_ptr(tx->response_status),
bstr_len(tx->response_status))));
if (c) free(c);
htp_header_t *h_location = htp_table_get_c(tx->response_headers, "location");
if (h_location != NULL) {
json_object_set_new(hjs, "redirect",
- json_string(c = strndup(bstr_ptr(h_location->value),
+ json_string(c = strndup((char *)bstr_ptr(h_location->value),
bstr_len(h_location->value))));
if (c) free(c);
}
LogHttpLogThread *aft = (LogHttpLogThread *)data;
LogHttpFileCtx *hlog = aft->httplog_ctx;
char timebuf[64];
+ char proto_s[16];
/* no flow, no htp state */
if (p->flow == NULL) {
sp = p->dp;
dp = p->sp;
}
+ if (SCProtoNameValid(IPV4_GET_IPPROTO(p)) == TRUE) {
+ strlcpy(proto_s, known_proto[IPV4_GET_IPPROTO(p)], sizeof(proto_s));
+ } else {
+ snprintf(proto_s, sizeof(proto), "PROTO:%03" PRIu32, IPV4_GET_IPPROTO(p));
+ }
for (; tx_id < total_txs; tx_id++)
{
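Review bot: The protocol lookup uses `IPV4_GET_IPPROTO(p)` unconditionally. If this logger is also reached for IPv6 packets (not visible in the hunk), the macro reads the wrong header, and the generic `IP_GET_IPPROTO(p)` already used in the alert logger would be the safer choice. The DNS logger hunk has the same lookup. `known_proto[...]` is indexed by a value taken from the packet, so the bound depends entirely on `SCProtoNameValid()`; a one-line comment such as `/* SCProtoNameValid() guarantees the index is within known_proto */` would document that.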
LogHttpLogJSONCustom(aft, tx, &p->ts, srcip, sp, dstip, dp);
//} else if (hlog->flags & LOG_HTTP_JSON) {
} else {
- LogHttpLogJSON(aft, tx, timebuf, srcip, sp, dstip, dp);
+ LogHttpLogJSON(aft, tx, timebuf, srcip, sp, dstip, dp, proto_s);
}
aft->uri_cnt ++;