From: Ludovico Cavedon Date: Wed, 14 Nov 2012 00:42:56 +0000 (-0800) Subject: Add User-Agent header content to file metadata X-Git-Tag: suricata-1.4rc1~9 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5dd0a1d917abb2d1ba5c042661a9651b66b20515;p=thirdparty%2Fsuricata.git Add User-Agent header content to file metadata
---
diff --git a/src/log-file.c b/src/log-file.c
index fc7a67a79b..59f83d9253 100644
--- a/src/log-file.c
+++ b/src/log-file.c
@@ -163,6 +163,30 @@ static void LogFileMetaGetReferer(FILE *fp, Packet *p, File *ff) {
 fprintf(fp, "");
 }
 
+static void LogFileMetaGetUserAgent(FILE *fp, Packet *p, File *ff) {
+ HtpState *htp_state = (HtpState *)p->flow->alstate;
+ if (htp_state != NULL) {
+ htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, ff->txid);
+ if (tx != NULL) {
+ table_t *headers;
+ headers = tx->request_headers;
+ htp_header_t *h = NULL;
+
+ table_iterator_reset(headers);
+ while (table_iterator_next(headers, (void **)&h) != NULL) {
+ if (bstr_len(h->name) >= 4 &&
+ SCMemcmpLowercase((uint8_t *)"user-agent", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
+ PrintRawJsonFp(fp, (uint8_t *)bstr_ptr(h->value),
+ bstr_len(h->value));
+ return;
+ }
+ }
+ }
+ }
+
+ fprintf(fp, "");
+}
+
 /**
 * \internal
 * \brief Write meta data on a single line json record
@@ -227,6 +251,10 @@ static void LogFileWriteJsonRecord(LogFileLogThread *aft, Packet *p, File *ff, i
 LogFileMetaGetReferer(fp, p, ff);
 fprintf(fp, "\", ");
 
+ fprintf(fp, "\"http_user_agent\": \"");
+ LogFileMetaGetUserAgent(fp, p, ff);
+ fprintf(fp, "\", ");
+
 fprintf(fp, "\"filename\": \"");
 PrintRawJsonFp(fp, ff->name, ff->name_len);
 fprintf(fp, "\", ");
diff --git a/src/log-filestore.c b/src/log-filestore.c
index c6ea732008..23a164d21e 100644
--- a/src/log-filestore.c
+++ b/src/log-filestore.c
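Review bot: The header-name test in LogFileMetaGetUserAgent takes the comparison length from the request itself (`bstr_len(h->name)`) and only requires it to be at least 4, so a 4–9 byte name that is a prefix of "user-agent" would apparently be accepted, and a name longer than 10 bytes asks SCMemcmpLowercase to compare beyond the literal (how far it actually reads depends on its implementation, which is not shown here). Header names come from the monitored traffic, so the length should be pinned to the literal: `if (bstr_len(h->name) == sizeof("user-agent") - 1 &&`. The same condition appears in LogFilestoreMetaGetUserAgent in src/log-filestore.c. Separately, only `htp_state` is NULL-checked before `htp_state->connp->conn->transactions` is dereferenced; if `connp` or `conn` can be unset when the file record is written, that chain needs a guard as well.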
@@ -166,6 +166,30 @@ static void LogFilestoreMetaGetReferer(FILE *fp, Packet *p, File *ff) {
 fprintf(fp, "");
 }
 
+static void LogFilestoreMetaGetUserAgent(FILE *fp, Packet *p, File *ff) {
+ HtpState *htp_state = (HtpState *)p->flow->alstate;
+ if (htp_state != NULL) {
+ htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, ff->txid);
+ if (tx != NULL) {
+ table_t *headers;
+ headers = tx->request_headers;
+ htp_header_t *h = NULL;
+
+ table_iterator_reset(headers);
+ while (table_iterator_next(headers, (void **)&h) != NULL) {
+ if (bstr_len(h->name) >= 4 &&
+ SCMemcmpLowercase((uint8_t *)"user-agent", (uint8_t *)bstr_ptr(h->name), bstr_len(h->name)) == 0) {
+ PrintRawUriFp(fp, (uint8_t *)bstr_ptr(h->value),
+ bstr_len(h->value));
+ return;
+ }
+ }
+ }
+ }
+
+ fprintf(fp, "");
+}
+
 static void LogFilestoreLogCreateMetaFile(Packet *p, File *ff, char *filename, int ipver) {
 char metafilename[PATH_MAX] = "";
 snprintf(metafilename, sizeof(metafilename), "%s.meta", filename);
@@ -215,6 +239,9 @@ static void LogFilestoreLogCreateMetaFile(Packet *p, File *ff, char *filename, i
 fprintf(fp, "HTTP REFERER: ");
 LogFilestoreMetaGetReferer(fp, p, ff);
 fprintf(fp, "\n");
+ fprintf(fp, "HTTP USER AGENT: ");
+ LogFilestoreMetaGetUserAgent(fp, p, ff);
+ fprintf(fp, "\n");
 fprintf(fp, "FILENAME: ");
 PrintRawUriFp(fp, ff->name, ff->name_len);
 fprintf(fp, "\n");
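Review bot: LogFilestoreMetaGetUserAgent is a line-for-line copy of LogFileMetaGetUserAgent in src/log-file.c, differing only in the printer it calls (`PrintRawUriFp` instead of `PrintRawJsonFp`), so any fix to the header lookup has to be made twice. A single lookup helper that returns the matching `htp_header_t *`, with each caller choosing its printer, would leave one copy to review. The function also has no comment; something like `/* Writes the request's User-Agent header value to fp via PrintRawUriFp; the value comes from the monitored traffic. */` would record that the line-oriented .meta output relies on that printer's escaping. It is worth confirming that PrintRawUriFp escapes CR/LF, since the value lands on the `HTTP USER AGENT:` line written in the following hunk.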