json_object_del(js, "dns");
}
-static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
- PacketQueue *postpq, int ipproto)
+static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data,
+ int ipproto)
{
SCEnter();
SCReturnInt(TM_ECODE_OK);
}
-TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
SCReturnInt(TM_ECODE_OK);
}
- DnsJsonIPWrapper(tv, p, data, pq, postpq, AF_INET);
+ DnsJsonIPWrapper(tv, p, data, AF_INET);
SCReturnInt(TM_ECODE_OK);
}
#ifndef __OUTPUT_DNSLOG_H__
#define __OUTPUT_DNSLOG_H__
-TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data);
OutputCtx *DnsJsonInitCtx(ConfNode *);
#endif /* __OUTPUT_DNSLOG_H__ */
*
* \param tv Pointer the current thread variables
* \param p Pointer the packet which is being logged
- * \param data Pointer to the droplog struct
- * \param pq Pointer the packet queue
- * \param postpq Pointer the packet queue where this packet will be sent
*
* \return return TM_EODE_OK on success
*/
-TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p, PacketQueue *pq,
- PacketQueue *postpq)
+TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p)
{
uint16_t proto = 0;
MemBuffer *buffer = (MemBuffer *)aft->buffer;
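Review bot: The Doxygen block above OutputDropLogJSON no longer matches the new signature: `\param tv` is kept although the function takes `aft`, and the removed `\param data` line leaves `aft` undocumented. Replace the `tv` line with `\param aft Pointer to the AlertJsonThread whose buffer is used for the record`. The `\return` line also spells the constant `TM_EODE_OK`; correct it to `TM_ECODE_OK` while the comment is being touched. The function body continues past the end of this hunk.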
* \param tv Pointer the current thread variables
* \param p Pointer the packet which is being logged
* \param data Pointer to the droplog struct
- * \param pq Pointer the packet queue
- * \param postpq Pointer the packet queue where this packet will be sent
*
* \return return TM_EODE_OK on success
*/
-TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
- PacketQueue *postpq)
+TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data)
{
AlertJsonThread *aft = (AlertJsonThread *)data;
if ((p->flow != NULL) && (p->flow->flags & FLOW_ACTION_DROP)) {
if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
- return OutputDropLogJSON(aft, p, pq, NULL);
+ return OutputDropLogJSON(aft, p);
} else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
- return OutputDropLogJSON(aft, p, pq, NULL);
+ return OutputDropLogJSON(aft, p);
}
} else {
- return OutputDropLogJSON(aft, p, pq, postpq);
+ return OutputDropLogJSON(aft, p);
}
return TM_ECODE_OK;
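Review bot: After this change all three branches of OutputDropLog make the identical call `OutputDropLogJSON(aft, p)`, so the conditions now decide only whether a packet on a flow marked FLOW_ACTION_DROP is skipped once its direction has been logged. That intent used to be hinted at by the differing queue arguments and now deserves a comment on the outer `if`, e.g. `/* flow-level drop: log only the first packet per direction */`. Nothing in the hunk shows whether OutputDropLogJSON itself filters out packets that were not dropped, so the `else` branch should carry a short comment naming where that check lives. The closing brace of the function is outside the hunk.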
#ifndef OUTPUT_DROPLOG_H
#define OUTPUT_DROPLOG_H
-TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data);
OutputCtx *OutputDropLogInit(ConfNode *);
#endif /* OUTPUT_DROPLOG_H */
json_object_set_new(js, "http", hjs);
}
-static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
- PacketQueue *postpq)
+static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
}
-TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
- HttpJsonIPWrapper(tv, p, data, pq, postpq);
+ HttpJsonIPWrapper(tv, p, data);
SCReturnInt(TM_ECODE_OK);
}
#ifndef __OUTPUT_HTTPLOG_H__
#define __OUTPUT_HTTPLOG_H__
-TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data);
OutputCtx *OutputHttpLogInit(ConfNode *);
#endif /* __OUTPUT_HTTPLOG_H__ */
#endif /* OS_WIN32 */
TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-TmEcode AlertJsonIPv4(ThreadVars *, Packet *, void *);
-TmEcode AlertJsonIPv6(ThreadVars *, Packet *, void *);
+TmEcode AlertJson(ThreadVars *, Packet *, void *);
TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **);
TmEcode OutputJsonThreadDeinit(ThreadVars *, void *);
void OutputJsonExitPrintStats(ThreadVars *, void *);
tmm_modules[TMM_OUTPUTJSON].cap_flags = 0;
OutputRegisterModule(MODULE_NAME, "eve-log", OutputJsonInitCtx);
-
- /* enable the logger for the app layer */
- AppLayerRegisterLogger(ALPROTO_DNS_UDP);
- AppLayerRegisterLogger(ALPROTO_DNS_TCP);
- AppLayerRegisterLogger(ALPROTO_HTTP);
- AppLayerRegisterLogger(ALPROTO_TLS);
}
/* Default Sensor ID value */
return TM_ECODE_OK;
}
-TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data)
-{
- AlertJsonThread *aft = (AlertJsonThread *)data;
- MemBuffer *buffer = (MemBuffer *)aft->buffer;
- int i;
- char *action = "Pass";
-
- if (p->alerts.cnt == 0)
- return TM_ECODE_OK;
-
- MemBufferReset(buffer);
-
- json_t *js = CreateJSONHeader(p, 0);
- if (unlikely(js == NULL))
- return TM_ECODE_OK;
-
- for (i = 0; i < p->alerts.cnt; i++) {
- PacketAlert *pa = &p->alerts.alerts[i];
- if (unlikely(pa->s == NULL)) {
- continue;
- }
-
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
- action = "Drop";
- } else if (pa->action & ACTION_DROP) {
- action = "wDrop";
- }
-
- json_t *ajs = json_object();
- if (ajs == NULL) {
- json_decref(js);
- return TM_ECODE_OK;
- }
-
- json_object_set_new(ajs, "action", json_string(action));
- json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
- json_object_set_new(ajs, "id", json_integer(pa->s->id));
- json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
- json_object_set_new(ajs, "msg",
- json_string((pa->s->msg) ? pa->s->msg : ""));
- json_object_set_new(ajs, "class",
- json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
- json_object_set_new(ajs, "pri", json_integer(pa->s->prio));
-
- /* alert */
- json_object_set_new(js, "alert", ajs);
-
- OutputJSON(js, aft, &aft->file_ctx->alerts);
- json_object_del(js, "alert");
- }
- json_object_clear(js);
- json_decref(js);
-
- return TM_ECODE_OK;
-}
-
-TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data)
+TmEcode AlertJson(ThreadVars *tv, Packet *p, void *data)
{
AlertJsonThread *aft = (AlertJsonThread *)data;
MemBuffer *buffer = (MemBuffer *)aft->buffer;
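Review bot: With the IPv4 and IPv6 paths merged, AlertJson now produces the alert records for both, so a pattern visible in the removed AlertJsonIPv4 is worth checking in the surviving body. There, `action` was set to "Pass" once before the alert loop and never reset, so any alert following a drop alert on the same packet would be logged as "Drop" or "wDrop". The body of AlertJson continues outside this hunk, so this cannot be confirmed here. If it has the same structure, move the initialisation into the loop, `const char *action = "Pass";` as the first statement of the `for` body. A misreported action in the alert record misleads anyone triaging from these logs.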
{
if (output_flags & OUTPUT_ALERTS) {
- if (PKT_IS_IPV4(p)) {
- AlertJsonIPv4(tv, p, data);
- } else if (PKT_IS_IPV6(p)) {
- AlertJsonIPv6(tv, p, data);
+ if (PKT_IS_IPV4(p) || PKT_IS_IPV6(p)) {
+ AlertJson(tv, p, data);
} else if (p->events.cnt > 0) {
AlertJsonDecoderEvent(tv, p, data);
}
}
if (output_flags & OUTPUT_DNS) {
- OutputDnsLog(tv, p, data, pq, postpq);
+ OutputDnsLog(tv, p, data);
}
if (output_flags & OUTPUT_DROP) {
- OutputDropLog(tv, p, data, pq, postpq);
+ OutputDropLog(tv, p, data);
}
if (output_flags & OUTPUT_FILES) {
- OutputFileLog(tv, p, data, pq, postpq);
+ OutputFileLog(tv, p, data);
}
if (output_flags & OUTPUT_HTTP) {
- OutputHttpLog(tv, p, data, pq, postpq);
+ OutputHttpLog(tv, p, data);
}
if (output_flags & OUTPUT_TLS) {
- OutputTlsLog(tv, p, data, pq, postpq);
+ OutputTlsLog(tv, p, data);
}
return TM_ECODE_OK;
}
if (strcmp(output->val, "dns") == 0) {
SCLogDebug("Enabling DNS output");
+ AppLayerRegisterLogger(ALPROTO_DNS_UDP);
+ AppLayerRegisterLogger(ALPROTO_DNS_TCP);
output_flags |= OUTPUT_DNS;
continue;
}
SCLogDebug("Enabling HTTP output");
ConfNode *child = ConfNodeLookupChild(output, "http");
json_ctx->http_ctx = OutputHttpLogInit(child);
+ AppLayerRegisterLogger(ALPROTO_HTTP);
output_flags |= OUTPUT_HTTP;
continue;
}
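Review bot: `AppLayerRegisterLogger(ALPROTO_HTTP)` and `output_flags |= OUTPUT_HTTP` run immediately after `json_ctx->http_ctx = OutputHttpLogInit(child);` with no NULL test in between, although the init function returns an `OutputCtx *`. If initialisation can fail, the app layer would be told a logger exists for HTTP while `json_ctx->http_ctx` is NULL. Guarding both lines with `if (json_ctx->http_ctx != NULL)`, or logging the failure and skipping the output, avoids that. The TLS branch that follows has the same shape with `OutputTlsLogInit(child)` and `AppLayerRegisterLogger(ALPROTO_TLS)`. The enclosing `if` starts outside the hunk.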
SCLogDebug("Enabling TLS output");
ConfNode *child = ConfNodeLookupChild(output, "tls");
json_ctx->tls_ctx = OutputTlsLogInit(child);
+ AppLayerRegisterLogger(ALPROTO_TLS);
output_flags |= OUTPUT_TLS;
continue;
}
}
-static TmEcode LogTlsLogIPWrapperJSON(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+static TmEcode LogTlsLogIPWrapperJSON(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
AlertJsonThread *aft = (AlertJsonThread *)data;
}
-TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data)
{
SCEnter();
SCReturnInt(TM_ECODE_OK);
}
- LogTlsLogIPWrapperJSON(tv, p, data, pq, postpq);
+ LogTlsLogIPWrapperJSON(tv, p, data);
SCReturnInt(TM_ECODE_OK);
}
#ifndef __OUTPUT_TLSLOG_H__
#define __OUTPUT_TLSLOG_H__
-TmEcode OutputTlsLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputTlsLog (ThreadVars *tv, Packet *p, void *data);
OutputCtx *OutputTlsLogInit(ConfNode *);
#endif /* __OUTPUT_TLSLOG_H__ */