]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c425741) | patch
output-json: add MAC address output 5258/head
authorSascha Steinbiss <satta@debian.org>
Mon, 2 Mar 2020 18:10:30 +0000 (19:10 +0100)
committerVictor Julien <victor@inliniac.net>
Sun, 2 Aug 2020 18:36:44 +0000 (20:36 +0200)
commit4e1a41a17d644f7e74d914302f3228d12aa76fbf
treec6fcb5a344accb08d359b02a1d6d8cf34c1fb110tree
parentc42574169e0b3e4bca396493b21f0208ee1bc759commit | diff
output-json: add MAC address output

This commit adds MAC address output to the EVE-JSON format. We follow the
remarks made in Redmine ticket #962: for packets, log MAC src/dst as a
scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names
are different between flow and packet context to avoid type confusion
(src_mac vs. src_macs). Configuration approach and JSON representation is
taken from previous GitHub PR #2700.
16 files changed:
doc/userguide/output/eve/eve-json-output.rst diff | blob | blame | history
src/Makefile.am diff | blob | blame | history
src/decode.c diff | blob | blame | history
src/decode.h diff | blob | blame | history
src/flow-util.c diff | blob | blame | history
src/flow-util.h diff | blob | blame | history
src/flow-worker.c diff | blob | blame | history
src/flow.c diff | blob | blame | history
src/flow.h diff | blob | blame | history
src/output-json.c diff | blob | blame | history
src/output-json.h diff | blob | blame | history
src/runmode-unittests.c diff | blob | blame | history
src/suricata.c diff | blob | blame | history
src/util-macset.c [new file with mode: 0644] blob
src/util-macset.h [new file with mode: 0644] blob
suricata.yaml.in diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git