First cut at "united" file log output in JSON

diff --git a/src/Makefile.am b/src/Makefile.am
index 18c86d56a0847ec94799a79caec12b9b15271fe2..49d526929fd1874ab4248d82982990c8d5ceaae6 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -219,6 +219,7 @@ output-filedata.c output-filedata.h \
 output-packet.c output-packet.h \
 output-tx.c output-tx.h \
 output-dnslog.c output-dnslog.h \
+output-file.c output-file.h \
 output-httplog.c output-httplog.h \
 output-json.c output-json.h \
 output-tlslog.c output-tlslog.h \

diff --git a/src/output-json.c b/src/output-json.c
index 93927e55170918eb589f77eaa46182b8126db83c..0444b9366bba9c7c90e8bc1d193ce2cc6e46cdc6 100644 (file)
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -51,6 +51,8 @@
 #include "output-dnslog.h"
 #include "output-httplog.h"
 #include "output-tlslog.h"
+#include "output-file.h"
+#include "output-json.h"
 
 #include "util-byte.h"
 #include "util-privs.h"
@@ -60,7 +62,6 @@
 #include "util-buffer.h"
 #include "util-logopenfile.h"
 
-#include "output-json.h"
 
 #ifndef HAVE_LIBJANSSON
 
@@ -163,8 +164,9 @@ static enum json_output json_out = ALERT_FILE;
 
 #define OUTPUT_ALERTS (1<<0)
 #define OUTPUT_DNS    (1<<1)
-#define OUTPUT_HTTP   (1<<2)
-#define OUTPUT_TLS    (1<<3)
+#define OUTPUT_FILES  (1<<2)
+#define OUTPUT_HTTP   (1<<3)
+#define OUTPUT_TLS    (1<<4)
 
 static uint32_t outputFlags = 0;
 
@@ -527,6 +529,10 @@ TmEcode AlertJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Packe
         OutputDnsLog(tv, p, data, pq, postpq);
     }
 
+    if (outputFlags & OUTPUT_FILES) {
+        OutputFileLog(tv, p, data, pq, postpq);
+    }
+
     if (outputFlags & OUTPUT_HTTP) {
         OutputHttpLog(tv, p, data, pq, postpq);
     }
@@ -711,6 +717,11 @@ OutputCtx *AlertJsonInitCtx(ConfNode *conf)
                     outputFlags |= OUTPUT_DNS;
                     continue;
                 }
+                if (strcmp(output->val, "files") == 0) {
+                    SCLogDebug("Enabling files output");
+                    outputFlags |= OUTPUT_FILES;
+                    continue;
+                }
                 if (strcmp(output->val, "http") == 0) {
                     SCLogDebug("Enabling HTTP output");
                     ConfNode *child = ConfNodeLookupChild(output, "http");

diff --git a/src/output-json.h b/src/output-json.h
index 17500eeeb72fa82c335c86fa986aa2019e431c18..f914a141f4db565ff5d0def13edc0f2b0c57d9d0 100644 (file)
--- a/src/output-json.h
+++ b/src/output-json.h
@@ -42,6 +42,7 @@ OutputCtx *AlertJsonInitCtx(ConfNode *);
 typedef struct OutputJsonCtx_ {
     LogFileCtx *file_ctx;
     OutputCtx *http_ctx;
+    OutputCtx *files_ctx;
     OutputCtx *tls_ctx;
 } OutputJsonCtx;
 
@@ -53,9 +54,11 @@ typedef struct AlertJsonThread_ {
 
     uint64_t alert_cnt;
     uint64_t dns_cnt;
+    uint64_t files_cnt;
     uint64_t http_cnt;
     uint64_t tls_cnt;
     OutputCtx *http_ctx;
+    OutputCtx *files_ctx;
     OutputCtx *tls_ctx;
 } AlertJsonThread;