json: add event_type key

This patch adds an event_type key to the generated events. Current
value is one of "dns", "alert, "file", "tls", "http", "drop". It is
then easy to differentiate in log analysis tools the events based on
source inside Suricata.

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 71ba88066f505df03001984fe37f03f76fd5a58d..7bcf6a18ae5e970514b80bb00144c5fdfda61a8d 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -84,7 +84,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 
     MemBufferReset(buffer);
 
-    json_t *js = CreateJSONHeader((Packet *)p, 0);
+    json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
 

diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 7f34f96e8cecb8314684c31db1436f4405355342..7dde684324e21e33e97eaec387f3aa73777104e7 100644 (file)
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -217,7 +217,7 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo
     LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
     DNSTransaction *tx = txptr;
 
-    json_t *js = CreateJSONHeader((Packet *)p, 1);//TODO const
+    json_t *js = CreateJSONHeader((Packet *)p, 1, "dns");//TODO const
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
 

diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index ef00f6e30ee0598cac41fc3245bdaba3767180da..8511f91e85d75d1df3c9d5a10c74c33d686418eb 100644 (file)
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -79,7 +79,7 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
 {
     uint16_t proto = 0;
     MemBuffer *buffer = (MemBuffer *)aft->buffer;
-    json_t *js = CreateJSONHeader((Packet *)p, 0);//TODO const
+    json_t *js = CreateJSONHeader((Packet *)p, 0, "drop");//TODO const
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
 

diff --git a/src/output-json-file.c b/src/output-json-file.c
index 218a0f89d1cc10a80d7108d0e75dd9991f8a75c7..e7ff40bcf59f5994060cb13b2f2a0860592b70ed 100644 (file)
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -164,7 +164,7 @@ static json_t *LogFileMetaGetUserAgent(const Packet *p, const File *ff) {
  */
 static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff) {
     MemBuffer *buffer = (MemBuffer *)aft->buffer;
-    json_t *js = CreateJSONHeader((Packet *)p, 0); //TODO const
+    json_t *js = CreateJSONHeader((Packet *)p, 0, "file"); //TODO const
     if (unlikely(js == NULL))
         return;
 

diff --git a/src/output-json-http.c b/src/output-json-http.c
index 7c41ea7edfce7427067b60259196b67bde2db3c2..703f11692e0bae6d809556a38f781ae42ae53d30 100644 (file)
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -221,7 +221,7 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
     JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
     MemBuffer *buffer = (MemBuffer *)jhl->buffer;
 
-    json_t *js = CreateJSONHeader((Packet *)p, 1); //TODO const
+    json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
 

diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index fa23129994fc831ab6733e9df63b0545cf9bcfa3..ce79d0fa8574312ae139e877b68b348c1cc48671 100644 (file)
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -131,7 +131,7 @@ static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p) {
     if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL)
         goto end;
 
-    json_t *js = CreateJSONHeader((Packet *)p, 0);//TODO
+    json_t *js = CreateJSONHeader((Packet *)p, 0, "tls");//TODO
     if (unlikely(js == NULL))
         goto end;
 

diff --git a/src/output-json.c b/src/output-json.c
index 55647e269431aa97eb534ec3014de90a15ba3ce6..0483d668b10ff7124251d68ad139a12365efe9a7 100644 (file)
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -148,7 +148,7 @@ static enum JsonOutput json_out = ALERT_FILE;
 
 static enum JsonFormat format = COMPACT;
 
-json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
+json_t *CreateJSONHeader(Packet *p, int direction_sensitive, char *event_type)
 {
     char timebuf[64];
     char srcip[46], dstip[46];
@@ -215,6 +215,10 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
         json_object_set_new(js, "pcap_cnt", json_integer(p->pcap_cnt));
     }
 
+    if (event_type) {
+        json_object_set_new(js, "event_type", json_string(event_type));
+    }
+
     /* vlan */
     if (p->vlan_idx > 0) {
         json_t *js_vlan;

diff --git a/src/output-json.h b/src/output-json.h
index 16c55c0f73272ef3ca8028af28146215d4a8aeda..dda4e82020b50fa834bedf293201aa891a74a527 100644 (file)
--- a/src/output-json.h
+++ b/src/output-json.h
@@ -31,7 +31,7 @@ void TmModuleOutputJsonRegister (void);
 #include "suricata-common.h"
 #include "util-buffer.h"
 
-json_t *CreateJSONHeader(Packet *p, int direction_sensative);
+json_t *CreateJSONHeader(Packet *p, int direction_sensative, char *event_type);
 TmEcode OutputJSON(json_t *js, void *data, uint64_t *count);
 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer *buffer);
 OutputCtx *OutputJsonInitCtx(ConfNode *);