From: Tom DeCanio
Date: Tue, 19 Nov 2013 20:58:47 +0000 (-0800)
Subject: Remaining JSON output pull request comment edits
X-Git-Tag: suricata-2.0rc1~87
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6fd1b31c57d15ac97d9547ac486a678d8131eea7;p=thirdparty%2Fsuricata.git
Remaining JSON output pull request comment edits
---
diff --git a/src/output-dnslog.c b/src/output-dnslog.c
index d0f397e905..0cbddfcedf 100644
--- a/src/output-dnslog.c
+++ b/src/output-dnslog.c
@@ -203,8 +203,8 @@ static void LogAnswers(AlertJsonThread *aft, json_t *js, DNSTransaction *tx) {
 json_object_del(js, "dns");
 }
-static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
- PacketQueue *postpq, int ipproto)
+static TmEcode DnsJsonIPWrapper(ThreadVars *tv, Packet *p, void *data,
+ int ipproto)
 {
 SCEnter();
@@ -270,7 +270,7 @@ end:
 SCReturnInt(TM_ECODE_OK);
 }
-TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data)
 {
 SCEnter();
@@ -283,7 +283,7 @@ TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
 SCReturnInt(TM_ECODE_OK);
 }
- DnsJsonIPWrapper(tv, p, data, pq, postpq, AF_INET);
+ DnsJsonIPWrapper(tv, p, data, AF_INET);
 SCReturnInt(TM_ECODE_OK);
 }
diff --git a/src/output-dnslog.h b/src/output-dnslog.h
index fc7a3476bd..3708f9d897 100644
--- a/src/output-dnslog.h
+++ b/src/output-dnslog.h
@@ -24,7 +24,7 @@
 #ifndef __OUTPUT_DNSLOG_H__
 #define __OUTPUT_DNSLOG_H__
-TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputDnsLog(ThreadVars *tv, Packet *p, void *data);
 OutputCtx *DnsJsonInitCtx(ConfNode *);
 #endif /* __OUTPUT_DNSLOG_H__ */
diff --git a/src/output-droplog.c b/src/output-droplog.c
index 7ed3b95319..c437cd91e6 100644
--- a/src/output-droplog.c
+++ b/src/output-droplog.c
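Review bot: In src/output-dnslog.c, OutputDnsLog (hunk at -283) still calls `DnsJsonIPWrapper(tv, p, data, AF_INET)` for every packet that reaches it, so the `ipproto` parameter this commit keeps on the wrapper is a constant as far as the hunks show. If the wrapper, whose body is outside the hunks, uses that value when formatting addresses, DNS carried over IPv6 would be treated as IPv4; if it does not, the parameter is as dead as the `pq`/`postpq` pair removed here and could go in the same pass. The name is also misleading, since AF_INET is an address family rather than an IP protocol; `int family` would read better.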
@@ -64,14 +64,10 @@
 *
 * \param tv Pointer the current thread variables
 * \param p Pointer the packet which is being logged
- * \param data Pointer to the droplog struct
- * \param pq Pointer the packet queue
- * \param postpq Pointer the packet queue where this packet will be sent
 *
 * \return return TM_EODE_OK on success
 */
-TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p, PacketQueue *pq,
- PacketQueue *postpq)
+TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p)
 {
 uint16_t proto = 0;
 MemBuffer *buffer = (MemBuffer *)aft->buffer;
@@ -143,13 +139,10 @@ TmEcode OutputDropLogJSON (AlertJsonThread *aft, Packet *p, PacketQueue *pq,
 * \param tv Pointer the current thread variables
 * \param p Pointer the packet which is being logged
 * \param data Pointer to the droplog struct
- * \param pq Pointer the packet queue
- * \param postpq Pointer the packet queue where this packet will be sent
 *
 * \return return TM_EODE_OK on success
 */
-TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
- PacketQueue *postpq)
+TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data)
 {
 AlertJsonThread *aft = (AlertJsonThread *)data;
@@ -163,14 +156,14 @@ TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
 if ((p->flow != NULL) && (p->flow->flags & FLOW_ACTION_DROP)) {
 if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
 p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
- return OutputDropLogJSON(aft, p, pq, NULL);
+ return OutputDropLogJSON(aft, p);
 } else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
 p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
- return OutputDropLogJSON(aft, p, pq, NULL);
+ return OutputDropLogJSON(aft, p);
 }
 } else {
- return OutputDropLogJSON(aft, p, pq, postpq);
+ return OutputDropLogJSON(aft, p);
 }
 return TM_ECODE_OK;
diff --git a/src/output-droplog.h b/src/output-droplog.h
index 1510351df0..79e5f38cd7 100644
--- a/src/output-droplog.h
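Review bot: The doc comment left above OutputDropLogJSON in src/output-droplog.c (hunk at -64) still documents `\param tv`, but the function's first parameter is `AlertJsonThread *aft` and it takes no `tv`. That line should become something like `\param aft Pointer to the AlertJsonThread whose buffer is used for the record`. The `\return` line, here and above OutputDropLog in the hunk at -143, spells the code `TM_EODE_OK` where `TM_ECODE_OK` is meant. This is documentation only; the function body continues past the hunk.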
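Review bot: In OutputDropLog (src/output-droplog.c, hunk at -163) the FLOW_TOSERVER_DROP_LOGGED / FLOW_TOCLIENT_DROP_LOGGED bit is set before OutputDropLogJSON runs, so if that call can return anything other than TM_ECODE_OK (its body is outside these hunks) the flow direction is marked as logged although no drop record was written, and later dropped packets of that flow are skipped. For a drop log that feeds incident review, a silently missing record is worse than a retried one. Setting the bit only after a successful write, as sketched below for both directions, closes that gap; the function's opening lines are outside the hunk.

```c
    /* … unchanged: outer FLOW_ACTION_DROP check … */
        if (PKT_IS_TOSERVER(p) && !(p->flow->flags & FLOW_TOSERVER_DROP_LOGGED)) {
            TmEcode ret = OutputDropLogJSON(aft, p);
            if (ret == TM_ECODE_OK) {
                p->flow->flags |= FLOW_TOSERVER_DROP_LOGGED;
            }
            return ret;
        } else if (PKT_IS_TOCLIENT(p) && !(p->flow->flags & FLOW_TOCLIENT_DROP_LOGGED)) {
            TmEcode ret = OutputDropLogJSON(aft, p);
            if (ret == TM_ECODE_OK) {
                p->flow->flags |= FLOW_TOCLIENT_DROP_LOGGED;
            }
            return ret;
        }
    /* … unchanged: else branch and final return TM_ECODE_OK … */
```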
+++ b/src/output-droplog.h
@@ -26,7 +26,7 @@
 #ifndef OUTPUT_DROPLOG_H
 #define OUTPUT_DROPLOG_H
-TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputDropLog (ThreadVars *tv, Packet *p, void *data);
 OutputCtx *OutputDropLogInit(ConfNode *);
 #endif /* OUTPUT_DROPLOG_H */
diff --git a/src/output-httplog.c b/src/output-httplog.c
index 6d9df1b76c..c02f000078 100644
--- a/src/output-httplog.c
+++ b/src/output-httplog.c
@@ -218,8 +218,7 @@ static void LogHttpLogJSON(AlertJsonThread *aft, json_t *js, htp_tx_t *tx)
 json_object_set_new(js, "http", hjs);
 }
-static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
- PacketQueue *postpq)
+static TmEcode HttpJsonIPWrapper(ThreadVars *tv, Packet *p, void *data)
 {
 SCEnter();
@@ -306,10 +305,10 @@ end:
 }
-TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data)
 {
 SCEnter();
- HttpJsonIPWrapper(tv, p, data, pq, postpq);
+ HttpJsonIPWrapper(tv, p, data);
 SCReturnInt(TM_ECODE_OK);
 }
diff --git a/src/output-httplog.h b/src/output-httplog.h
index 676ba544a7..c2bb6a6a61 100644
--- a/src/output-httplog.h
+++ b/src/output-httplog.h
@@ -24,7 +24,7 @@
 #ifndef __OUTPUT_HTTPLOG_H__
 #define __OUTPUT_HTTPLOG_H__
-TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputHttpLog (ThreadVars *tv, Packet *p, void *data);
 OutputCtx *OutputHttpLogInit(ConfNode *);
 #endif /* __OUTPUT_HTTPLOG_H__ */
diff --git a/src/output-json.c b/src/output-json.c
index 7c904909c3..d98bdc01b5 100644
--- a/src/output-json.c
+++ b/src/output-json.c
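Review bot: OutputHttpLog in src/output-httplog.c (hunk at -306) is now a pure pass-through: it has the same three parameters as HttpJsonIPWrapper, calls it, drops its TmEcode and returns TM_ECODE_OK. Either propagate the result with `SCReturnInt(HttpJsonIPWrapper(tv, p, data));` or fold the wrapper's body into OutputHttpLog, so a logging failure cannot be masked at this layer. OutputDnsLog and OutputTlsLog discard their wrappers' results in the same way.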
@@ -128,8 +128,7 @@ static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL;
 #endif /* OS_WIN32 */
 TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-TmEcode AlertJsonIPv4(ThreadVars *, Packet *, void *);
-TmEcode AlertJsonIPv6(ThreadVars *, Packet *, void *);
+TmEcode AlertJson(ThreadVars *, Packet *, void *);
 TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **);
 TmEcode OutputJsonThreadDeinit(ThreadVars *, void *);
 void OutputJsonExitPrintStats(ThreadVars *, void *);
@@ -146,12 +145,6 @@ void TmModuleOutputJsonRegister (void) {
 tmm_modules[TMM_OUTPUTJSON].cap_flags = 0;
 OutputRegisterModule(MODULE_NAME, "eve-log", OutputJsonInitCtx);
-
- /* enable the logger for the app layer */
- AppLayerRegisterLogger(ALPROTO_DNS_UDP);
- AppLayerRegisterLogger(ALPROTO_DNS_TCP);
- AppLayerRegisterLogger(ALPROTO_HTTP);
- AppLayerRegisterLogger(ALPROTO_TLS);
 }
 /* Default Sensor ID value */
@@ -338,63 +331,7 @@ TmEcode OutputJSON(json_t *js, void *data, uint64_t *count)
 return TM_ECODE_OK;
 }
-TmEcode AlertJsonIPv4(ThreadVars *tv, Packet *p, void *data)
-{
- AlertJsonThread *aft = (AlertJsonThread *)data;
- MemBuffer *buffer = (MemBuffer *)aft->buffer;
- int i;
- char *action = "Pass";
-
- if (p->alerts.cnt == 0)
- return TM_ECODE_OK;
-
- MemBufferReset(buffer);
-
- json_t *js = CreateJSONHeader(p, 0);
- if (unlikely(js == NULL))
- return TM_ECODE_OK;
-
- for (i = 0; i < p->alerts.cnt; i++) {
- PacketAlert *pa = &p->alerts.alerts[i];
- if (unlikely(pa->s == NULL)) {
- continue;
- }
-
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
- action = "Drop";
- } else if (pa->action & ACTION_DROP) {
- action = "wDrop";
- }
-
- json_t *ajs = json_object();
- if (ajs == NULL) {
- json_decref(js);
- return TM_ECODE_OK;
- }
-
- json_object_set_new(ajs, "action", json_string(action));
- json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
- json_object_set_new(ajs, "id", json_integer(pa->s->id));
- json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
- json_object_set_new(ajs, "msg",
- json_string((pa->s->msg) ? pa->s->msg : ""));
- json_object_set_new(ajs, "class",
- json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
- json_object_set_new(ajs, "pri", json_integer(pa->s->prio));
-
- /* alert */
- json_object_set_new(js, "alert", ajs);
-
- OutputJSON(js, aft, &aft->file_ctx->alerts);
- json_object_del(js, "alert");
- }
- json_object_clear(js);
- json_decref(js);
-
- return TM_ECODE_OK;
-}
-
-TmEcode AlertJsonIPv6(ThreadVars *tv, Packet *p, void *data)
+TmEcode AlertJson(ThreadVars *tv, Packet *p, void *data)
 {
 AlertJsonThread *aft = (AlertJsonThread *)data;
 MemBuffer *buffer = (MemBuffer *)aft->buffer;
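Review bot: AlertJson in src/output-json.c now serves both address families and its body lies outside this hunk, so it is worth confirming that it does not repeat a pattern visible in the removed AlertJsonIPv4: `action` is initialised to "Pass" once before the alert loop and never reset. With that shape, after one alert with ACTION_DROP every later alert on the same packet is written with "Drop" or "wDrop" even if its own action differs. If the retained body matches, moving `char *action = "Pass";` inside the `for` loop fixes it. A mislabelled action matters for triage, because that field is what tells an analyst whether the traffic was blocked.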
@@ -525,33 +462,31 @@ TmEcode OutputJson (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pack
 {
 if (output_flags & OUTPUT_ALERTS) {
- if (PKT_IS_IPV4(p)) {
- AlertJsonIPv4(tv, p, data);
- } else if (PKT_IS_IPV6(p)) {
- AlertJsonIPv6(tv, p, data);
+ if (PKT_IS_IPV4(p) || PKT_IS_IPV6(p)) {
+ AlertJson(tv, p, data);
 } else if (p->events.cnt > 0) {
 AlertJsonDecoderEvent(tv, p, data);
 }
 }
 if (output_flags & OUTPUT_DNS) {
- OutputDnsLog(tv, p, data, pq, postpq);
+ OutputDnsLog(tv, p, data);
 }
 if (output_flags & OUTPUT_DROP) {
- OutputDropLog(tv, p, data, pq, postpq);
+ OutputDropLog(tv, p, data);
 }
 if (output_flags & OUTPUT_FILES) {
- OutputFileLog(tv, p, data, pq, postpq);
+ OutputFileLog(tv, p, data);
 }
 if (output_flags & OUTPUT_HTTP) {
- OutputHttpLog(tv, p, data, pq, postpq);
+ OutputHttpLog(tv, p, data);
 }
 if (output_flags & OUTPUT_TLS) {
- OutputTlsLog(tv, p, data, pq, postpq);
+ OutputTlsLog(tv, p, data);
 }
 return TM_ECODE_OK;
@@ -727,6 +662,8 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
 }
 if (strcmp(output->val, "dns") == 0) {
 SCLogDebug("Enabling DNS output");
+ AppLayerRegisterLogger(ALPROTO_DNS_UDP);
+ AppLayerRegisterLogger(ALPROTO_DNS_TCP);
 output_flags |= OUTPUT_DNS;
 continue;
 }
@@ -746,6 +683,7 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
 SCLogDebug("Enabling HTTP output");
 ConfNode *child = ConfNodeLookupChild(output, "http");
 json_ctx->http_ctx = OutputHttpLogInit(child);
+ AppLayerRegisterLogger(ALPROTO_HTTP);
 output_flags |= OUTPUT_HTTP;
 continue;
 }
@@ -753,6 +691,7 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
 SCLogDebug("Enabling TLS output");
 ConfNode *child = ConfNodeLookupChild(output, "tls");
 json_ctx->tls_ctx = OutputTlsLogInit(child);
+ AppLayerRegisterLogger(ALPROTO_TLS);
 output_flags |= OUTPUT_TLS;
 continue;
 }
diff --git a/src/output-tlslog.c b/src/output-tlslog.c
index f78b27225b..660fc4c2c0 100644
--- a/src/output-tlslog.c
+++ b/src/output-tlslog.c
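Review bot: The new call `OutputFileLog(tv, p, data);` in OutputJson (src/output-json.c, hunk at -525) drops `pq`/`postpq`, yet this patch contains no hunk that changes OutputFileLog's definition or prototype, unlike the DNS, drop, HTTP and TLS loggers. Unless the matching change lives in a file not shown on this page, the build fails where the five-argument prototype is visible, and the call has undefined behaviour where it is not. Worth confirming before merge.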
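Review bot: In OutputJsonInitCtx (src/output-json.c, hunk at -746), `AppLayerRegisterLogger(ALPROTO_HTTP)` and `output_flags |= OUTPUT_HTTP` run without checking what `OutputHttpLogInit(child)` returned, and `child` itself comes unchecked from `ConfNodeLookupChild`. If either can be NULL (not visible here), the HTTP logger is registered and enabled with no usable `http_ctx`, which at best loses records and at worst dereferences NULL on the packet path. Wrapping the two lines in `if (json_ctx->http_ctx != NULL) { ... }` and logging a warning otherwise keeps registration and state consistent. The TLS hunk at -753 has the same shape with `tls_ctx`.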
@@ -104,7 +104,7 @@ static void LogTlsLogExtendedJSON(json_t *tjs, SSLState * state)
 }
-static TmEcode LogTlsLogIPWrapperJSON(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+static TmEcode LogTlsLogIPWrapperJSON(ThreadVars *tv, Packet *p, void *data)
 {
 SCEnter();
 AlertJsonThread *aft = (AlertJsonThread *)data;
@@ -171,7 +171,7 @@ end:
 }
-TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
+TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data)
 {
 SCEnter();
@@ -184,7 +184,7 @@ TmEcode OutputTlsLog(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pac
 SCReturnInt(TM_ECODE_OK);
 }
- LogTlsLogIPWrapperJSON(tv, p, data, pq, postpq);
+ LogTlsLogIPWrapperJSON(tv, p, data);
 SCReturnInt(TM_ECODE_OK);
 }
diff --git a/src/output-tlslog.h b/src/output-tlslog.h
index be98a4eb63..78007cefc5 100644
--- a/src/output-tlslog.h
+++ b/src/output-tlslog.h
@@ -24,7 +24,7 @@
 #ifndef __OUTPUT_TLSLOG_H__
 #define __OUTPUT_TLSLOG_H__
-TmEcode OutputTlsLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq);
+TmEcode OutputTlsLog (ThreadVars *tv, Packet *p, void *data);
 OutputCtx *OutputTlsLogInit(ConfNode *);
 #endif /* __OUTPUT_TLSLOG_H__ */