Add User-Agent header content to file metadata
authorLudovico Cavedon <cavedon@lastline.com>
Wed, 14 Nov 2012 00:42:56 +0000 (16:42 -0800)
committerVictor Julien <victor@inliniac.net>
Wed, 28 Nov 2012 09:10:58 +0000 (10:10 +0100)
src/log-file.c
src/log-filestore.c

index fc7a67a79bb4f30fd71d69380d960966b7bf4cae..59f83d9253990232819de1ff11d57db94a6b1426 100644 (file)
@@ -163,6 +163,30 @@ static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) {
     fprintf(fp, "<unknown>");
 }
 
+static void LogFileMetaGetUserAgent(FILE *fp, Packet *p, File *ff) {
+    HtpState *htp_state = (HtpState *)p->flow->alstate;
+    if (htp_state != NULL) {
+        htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, ff->txid);
+        if (tx != NULL) {
+            table_t *headers;
+            headers = tx->request_headers;
+            htp_header_t *h = NULL;
+
+            table_iterator_reset(headers);
+            while (table_iterator_next(headers, (void **)&h) != NULL) {
+                if (bstr_len(h->name) >= 4 &&
+                        SCMemcmpLowercase((uint8_t *)"user-agent", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
+                    PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
+                        bstr_len(h->value));
+                    return;
+                }
+            }
+        }
+    }
+
+    fprintf(fp, "<unknown>");
+}
+
 /**
  *  \internal
  *  \brief Write meta data on a single line json record
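Review bot: The header-name test in LogFileMetaGetUserAgent compares over `bstr_len(h->name)` bytes instead of the length of the literal, so any request header whose name is a 4- to 9-byte prefix of "user-agent" (for example `User`) compares equal and has its value logged as the user agent. For names longer than the literal, the comparison length also exceeds the 11 bytes of `"user-agent"`; whether SCMemcmpLowercase can then read past the literal depends on its implementation, which is not visible here. Requiring an exact length addresses both: `if (bstr_len(h->name) == 10 &&`, with the rest of the condition unchanged. The same condition appears in LogFilestoreMetaGetUserAgent in src/log-filestore.c and needs the same change.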
@@ -227,6 +251,10 @@ static void LogFileWriteJsonRecord(LogFileLogThread *aft, Packet *p, File *ff, i
     LogFileMetaGetReferer(fp, p, ff);
     fprintf(fp, "\", ");
 
+    fprintf(fp, "\"http_user_agent\": \"");
+    LogFileMetaGetUserAgent(fp, p, ff);
+    fprintf(fp, "\", ");
+
     fprintf(fp, "\"filename\": \"");
     PrintRawJsonFp(fp, ff->name, ff->name_len);
     fprintf(fp, "\", ");
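Review bot: The new call to LogFileMetaGetUserAgent is unconditional in the visible part of LogFileWriteJsonRecord, and that helper casts `p->flow->alstate` to `HtpState *` without checking `p->flow` or the flow's app-layer protocol. If this record can be written for a flow whose state is not HTTP, the cast would treat another protocol's state as an HtpState and follow `connp->conn->transactions` from it. The function body starts and ends outside this hunk, so a guard may already exist earlier. If it does not, wrap the HTTP-specific fields in a check such as `if (p->flow != NULL && p->flow->alproto == ALPROTO_HTTP)`. Otherwise add a comment at the call stating the precondition.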
index c6ea732008e1c40dce91e005e5b8aba0f0373a9f..23a164d21e9c641bb2f8bd590436655c3336f0d6 100644 (file)
@@ -166,6 +166,30 @@ static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) {
     fprintf(fp, "<unknown>");
 }
 
+static void LogFilestoreMetaGetUserAgent(FILE *fp, Packet *p, File *ff) {
+    HtpState *htp_state = (HtpState *)p->flow->alstate;
+    if (htp_state != NULL) {
+        htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, ff->txid);
+        if (tx != NULL) {
+            table_t *headers;
+            headers = tx->request_headers;
+            htp_header_t *h = NULL;
+
+            table_iterator_reset(headers);
+            while (table_iterator_next(headers, (void **)&h) != NULL) {
+                if (bstr_len(h->name) >= 4 &&
+                        SCMemcmpLowercase((uint8_t *)"user-agent", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
+                    PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
+                        bstr_len(h->value));
+                    return;
+                }
+            }
+        }
+    }
+
+    fprintf(fp, "<unknown>");
+}
+
 static void LogFilestoreLogCreateMetaFile(Packet *p, File *ff, char *filename, int ipver) {
     char metafilename[PATH_MAX] = "";
     snprintf(metafilename, sizeof(metafilename), "%s.meta", filename);
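Review bot: LogFilestoreMetaGetUserAgent writes a value taken directly from the monitored request into the `.meta` file, which holds one `KEY: value` pair per line, so it relies on PrintRawUriFp to escape CR/LF and other control bytes. That implementation is outside this diff and should be confirmed. A short comment on the function would record the dependency, e.g. `/* value comes from the wire; PrintRawUriFp must escape non-printable bytes so it cannot add lines to the .meta file */`. The function is also a copy of LogFileMetaGetUserAgent apart from the print call, so a shared helper taking the printer as a parameter would keep the two from drifting apart.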
@@ -215,6 +239,9 @@ static void LogFilestoreLogCreateMetaFile(Packet *p, File *ff, char *filename, i
         fprintf(fp, "HTTP REFERER:      ");
         LogFilestoreMetaGetReferer(fp, p, ff);
         fprintf(fp, "\n");
+        fprintf(fp, "HTTP USER AGENT:   ");
+        LogFilestoreMetaGetUserAgent(fp, p, ff);
+        fprintf(fp, "\n");
         fprintf(fp, "FILENAME:          ");
         PrintRawUriFp(fp, ff->name, ff->name_len);
         fprintf(fp, "\n");