suricata
alert-unified2-alert.h File Reference


Macros

#define UNIFIED2_PACKET_FLAG   1
 
#define UNIFIED2_BLOCKED_FLAG   0x20
 
#define UNIFIED2_EVENT_TYPE   1
 
#define UNIFIED2_PACKET_TYPE   2
 
#define UNIFIED2_IDS_EVENT_TYPE   7
 
#define UNIFIED2_EVENT_EXTENDED_TYPE   66
 
#define UNIFIED2_PERFORMANCE_TYPE   67
 
#define UNIFIED2_PORTSCAN_TYPE   68
 
#define UNIFIED2_IDS_EVENT_IPV6_TYPE   72
 
#define UNIFIED2_IDS_EVENT_MPLS_TYPE   99
 
#define UNIFIED2_IDS_EVENT_IPV6_MPLS_TYPE   100
 
#define UNIFIED2_IDS_EVENT_EXTRADATA_TYPE   110
 
#define UNIFIED2_EXTRADATA_CLIENT_IPV4_TYPE   1
 
#define UNIFIED2_EXTRADATA_CLIENT_IPV6_TYPE   2
 
#define UNIFIED2_EXTRADATA_TYPE_BLOB   1
 
#define UNIFIED2_EXTRADATA_TYPE_EXTRA_DATA   4
 

Functions

void Unified2AlertRegister (void)
 
OutputInitResult Unified2AlertInitCtx (ConfNode *)
 Create a new LogFileCtx from the provided ConfNode.
 

Macro Definition Documentation

#define UNIFIED2_BLOCKED_FLAG   0x20

Definition at line 28 of file alert-unified2-alert.h.

#define UNIFIED2_EVENT_EXTENDED_TYPE   66

Definition at line 34 of file alert-unified2-alert.h.

#define UNIFIED2_EVENT_TYPE   1

Unified2 Header Types

Definition at line 31 of file alert-unified2-alert.h.

#define UNIFIED2_EXTRADATA_CLIENT_IPV4_TYPE   1

Definition at line 41 of file alert-unified2-alert.h.

#define UNIFIED2_EXTRADATA_CLIENT_IPV6_TYPE   2

Definition at line 42 of file alert-unified2-alert.h.

#define UNIFIED2_EXTRADATA_TYPE_BLOB   1

Definition at line 43 of file alert-unified2-alert.h.

#define UNIFIED2_EXTRADATA_TYPE_EXTRA_DATA   4

Definition at line 44 of file alert-unified2-alert.h.

#define UNIFIED2_IDS_EVENT_EXTRADATA_TYPE   110

Definition at line 40 of file alert-unified2-alert.h.

#define UNIFIED2_IDS_EVENT_IPV6_MPLS_TYPE   100

Definition at line 39 of file alert-unified2-alert.h.

#define UNIFIED2_IDS_EVENT_IPV6_TYPE   72

Definition at line 37 of file alert-unified2-alert.h.

#define UNIFIED2_IDS_EVENT_MPLS_TYPE   99

Definition at line 38 of file alert-unified2-alert.h.

#define UNIFIED2_IDS_EVENT_TYPE   7

Definition at line 33 of file alert-unified2-alert.h.

#define UNIFIED2_PACKET_FLAG   1

Unified2 Option packet action

Definition at line 27 of file alert-unified2-alert.h.

#define UNIFIED2_PACKET_TYPE   2

Definition at line 32 of file alert-unified2-alert.h.

#define UNIFIED2_PERFORMANCE_TYPE   67

Definition at line 35 of file alert-unified2-alert.h.

#define UNIFIED2_PORTSCAN_TYPE   68

Definition at line 36 of file alert-unified2-alert.h.

Function Documentation

OutputInitResult Unified2AlertInitCtx (ConfNode *conf)

Create a new LogFileCtx from the provided ConfNode.

Parameters
conf: The configuration node for this output.
Returns
NULL on failure, or a LogFileCtx* pointing to the file_ctx if successful.

Definition at line 1276 of file alert-unified2-alert.c.

References Packet_::action, ACTION_DROP, PacketAlerts_::alerts, Packet_::alerts, ByteExtractStringUint32(), PacketAlerts_::cnt, ConfGetChildValueBool(), ConfigGetLogDirectory(), ConfNodeLookupChildValue(), ConfValIsFalse(), ConfValIsTrue(), OutputInitResult_::ctx, OutputCtx_::data, DecodeEthernet(), DecodePPP(), DEFAULT_LIMIT, DEFAULT_LOG_FILENAME, OutputCtx_::DeInit, Unified2AlertFileCtx_::file_ctx, LogFileCtx_::filename, Unified2AlertFileCtx_::flags, flags, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), LogFileCtx_::fp, Signature_::gid, HttpXFFGetCfg(), Signature_::id, LogFileFreeCtx(), LogFileNewCtx(), MIN_LIMIT, LogFileCtx_::nostamp, OutputInitResult_::ok, OutputRegisterFileRotationFlag(), PACKET_RECYCLE, PacketDequeue(), PacketGetFromAlloc(), ParseSizeStringU64(), LogFileCtx_::prefix, Signature_::rev, LogFileCtx_::rotation_flag, run_mode, RUNMODE_UNITTEST, PacketAlert_::s, SC_ATOMIC_INIT, SC_ERR_FOPEN, SC_ERR_INVALID_ARGUMENT, SC_ERR_MEM_ALLOC, SC_ERR_UNIFIED2_ALERT_GENERIC, SCCalloc, SCFree, SCLogError, SCLogInfo, SCMalloc, SCStrdup, SET_PKT_LEN, LogFileCtx_::size_limit, TimeGet(), TimeSetIncrementTime(), TM_ECODE_FAILED, UNIFIED2_ALERT_FLAGS_EMIT_PACKET, Unified2AlertInitCtx(), Unified2AlertThreadDeinit(), Unified2AlertThreadInit(), Unified2Logger(), unlikely, and Unified2AlertFileCtx_::xff_cfg.

Referenced by Unified2AlertInitCtx(), and Unified2AlertRegister().
