/* File name of the HTTP log. The "DEFAULT" in the name suggests it is used
 * when the configuration supplies none; that lookup is not part of this
 * listing. */
54 #define DEFAULT_LOG_FILENAME "http.log"
/* Name under which this output module identifies itself. */
56 #define MODULE_NAME "LogHttpLog"
/* Output buffer size constant. Presumably the capacity of the per-thread
 * buffer (aft->buffer) that the log functions below write into; the
 * allocation is on lines omitted from this listing -- TODO confirm. */
58 #define OUTPUT_BUFFER_SIZE 65535
/* Forward declaration: the function is defined at the end of the file and is
 * installed as the output context's DeInit callback during initialisation
 * (output_ctx->DeInit = LogHttpLogDeInitCtx). */
62 static void LogHttpLogDeInitCtx(
OutputCtx *);
/*
 * Single-character specifiers of the custom log format. LogHttpLogCustom
 * reports a specifier it does not handle as "%<char>" in a debug message.
 * The case labels that map each character to a field are omitted from this
 * listing, so the meanings below follow the macro names.
 *
 * Operational note: the header and cookie specifiers select values by a name
 * taken from the format node (node->data). A format that selects cookies or
 * arbitrary request headers therefore writes those values to the log, which
 * may then contain session identifiers or credentials; the log file's access
 * permissions and retention should be set with that in mind.
 */
/* Request side. */
72 #define LOG_HTTP_CF_REQUEST_HOST 'h'
73 #define LOG_HTTP_CF_REQUEST_PROTOCOL 'H'
74 #define LOG_HTTP_CF_REQUEST_METHOD 'm'
75 #define LOG_HTTP_CF_REQUEST_URI 'u'
76 #define LOG_HTTP_CF_REQUEST_TIME 't'
77 #define LOG_HTTP_CF_REQUEST_HEADER 'i'
78 #define LOG_HTTP_CF_REQUEST_COOKIE 'C'
79 #define LOG_HTTP_CF_REQUEST_LEN 'b'
/* Response side. */
80 #define LOG_HTTP_CF_RESPONSE_STATUS 's'
81 #define LOG_HTTP_CF_RESPONSE_HEADER 'o'
82 #define LOG_HTTP_CF_RESPONSE_LEN 'B'
/* Logging modes. The initialisation code further down reads "custom",
 * "customformat" and "extended" settings; the assignments that store one of
 * these values are on lines omitted from this listing. */
91 #define LOG_HTTP_DEFAULT 0
92 #define LOG_HTTP_EXTENDED 1
93 #define LOG_HTTP_CUSTOM 2
/*
 * Search a raw Cookie header value for the cookie named cookiename.
 *
 * rawcookies, rawcookies_len: the header bytes and their length. The input
 *     is handled as a length-delimited byte range: the scan loop is bounded
 *     by rawcookies + rawcookies_len. The caller passes the value of the
 *     request's "Cookie" header, i.e. data controlled by the HTTP client.
 * cookiename: NUL-terminated name to look for (strlen() is applied to it).
 * cookievalue: out-parameter. Presumably set to the start of the value on a
 *     match; the assignment is on a line omitted from this listing.
 *
 * Returns the length of the matching cookie's value in bytes (p - cv). The
 * return for "not found" is not visible here; the caller treats 0 as no match.
 *
 * NOTE(review): this listing is incomplete. The declarations of cn and cv,
 * the pointer updates and the loop increment are on omitted lines, so the
 * comments below describe only what the visible conditions establish.
 */
104 static uint32_t GetCookieValue(uint8_t *rawcookies, uint32_t rawcookies_len,
char *cookiename,
105 uint8_t **cookievalue)
107 uint8_t *p = rawcookies;
/* p never goes past the last byte of the header value. */
110 while (p < rawcookies + rawcookies_len) {
/* No value start recorded yet and an '=' is found: name/value separator. */
111 if (cv == NULL && *p ==
'=') {
113 }
/* A value is in progress and either a ';' or the final byte of the buffer
 * is reached: end of this cookie. */
else if (cv != NULL && (*p ==
';' || p == rawcookies + rawcookies_len - 1) ) {
/* Exact-name comparison: the lengths must be equal before the bounded
 * strncmp, so a cookie whose name merely begins with cookiename does not
 * match. cv-cn-1 is used as the name length (cn looks like the start of the
 * name and cv the byte after '=' -- their assignments are omitted). */
116 if (strlen(cookiename) == (
unsigned int) (cv-cn-1) &&
117 strncmp(cookiename, (
char *) cn, cv-cn-1) == 0) {
/* Value length in bytes. */
119 return (uint32_t) (p-cv);
/*
 * Write one log record for transaction tx using the custom format. The loop
 * below runs once per format node (httplog_ctx->cf->cf_n of them).
 *
 * aft:           per-thread logger state; its buffer receives the output.
 * tx:            the HTTP transaction being logged.
 * ts:            timestamp; tv_usec is formatted as six digits below.
 * srcip, sp:     source address string and port.
 * dstip, dp:     destination address string and port.
 *
 * Everything read from tx (method, URI, hostname, protocol, headers, cookie
 * values, status) originates from network traffic and must be treated as
 * untrusted.
 *
 * NOTE(review): this listing omits many lines, including the case labels and
 * the first line of each call that writes into the buffer; only the argument
 * tails ("aft->buffer->size, <ptr>, <len>") are visible. Whether
 * non-printable bytes are escaped therefore depends on a helper whose name is
 * not shown -- confirm, because unescaped CR/LF in a logged field would allow
 * a client to break the one-record-per-line structure of the log.
 */
130 static void LogHttpLogCustom(
LogHttpLogThread *aft, htp_tx_t *tx,
const struct timeval *
ts,
131 char *srcip,
Port sp,
char *dstip,
Port dp)
/* Cookie value located by GetCookieValue, and its length in bytes. */
138 uint8_t *cvalue = NULL;
139 uint32_t cvalue_len = 0;
141 htp_header_t *h_request_hdr;
142 htp_header_t *h_response_hdr;
144 for (i = 0; i < httplog_ctx->
cf->
cf_n; i++) {
/* Reset per node so a header found for an earlier node is never reused. */
145 h_request_hdr = NULL;
146 h_response_hdr = NULL;
/* Microsecond part of the timestamp, zero-padded to six digits; snprintf
 * bounds the write to the size of buf. */
163 snprintf(buf,
sizeof(buf),
"%06u", (
unsigned int)
ts->tv_usec);
/* Tail of a call whose first line is omitted: the buffer capacity
 * (aft->buffer->size) is passed together with the source bytes and length. */
170 aft->
buffer->
size, (uint8_t *)srcip,strlen(srcip));
175 aft->
buffer->
size, (uint8_t *)dstip,strlen(dstip));
/* Request method, only when the parser recorded one. */
187 if (tx->request_method != NULL) {
189 aft->
buffer->
size, (uint8_t *)bstr_ptr(tx->request_method),
190 bstr_len(tx->request_method));
/* Request URI. */
197 if (tx->request_uri != NULL) {
/* Clamp datalen to the real field length; 0 means "whole field". datalen is
 * set on an omitted line (presumably a per-node maximum from the format --
 * TODO confirm). The clamp keeps the length handed on from exceeding the
 * bstr, so no bytes beyond the field are read. The same pattern repeats for
 * the hostname, header and cookie fields below. */
199 if (datalen == 0 || datalen > bstr_len(tx->request_uri)) {
200 datalen = bstr_len(tx->request_uri);
203 aft->
buffer->
size, (uint8_t *)bstr_ptr(tx->request_uri),
/* Request hostname. */
211 if (tx->request_hostname != NULL)
214 if (datalen == 0 || datalen > bstr_len(tx->request_hostname)) {
215 datalen = bstr_len(tx->request_hostname);
218 aft->
buffer->
size, (uint8_t *)bstr_ptr(tx->request_hostname),
/* Request protocol string. */
226 if (tx->request_protocol != NULL) {
228 aft->
buffer->
size, (uint8_t *)bstr_ptr(tx->request_protocol),
229 bstr_len(tx->request_protocol));
/* Request header selected by name; the name comes from the format node. */
236 if (tx->request_headers != NULL) {
237 h_request_hdr = htp_table_get_c(tx->request_headers, node->
data);
239 if (h_request_hdr != NULL) {
241 if (datalen == 0 || datalen > bstr_len(h_request_hdr->value)) {
242 datalen = bstr_len(h_request_hdr->value);
245 aft->
buffer->
size, (uint8_t *)bstr_ptr(h_request_hdr->value),
/* Single cookie selected by name: fetch the Cookie header, then let
 * GetCookieValue locate the cookie named by node->data inside it. The last
 * argument of the call is on an omitted line (presumably &cvalue). */
253 if (tx->request_headers != NULL) {
254 h_request_hdr = htp_table_get_c(tx->request_headers,
"Cookie");
255 if (h_request_hdr != NULL) {
256 cvalue_len = GetCookieValue((uint8_t *) bstr_ptr(h_request_hdr->value),
257 bstr_len(h_request_hdr->value), (
char *) node->
data,
/* Use the cookie only if one was found and has a non-empty value. */
261 if (cvalue_len > 0 && cvalue != NULL) {
263 if (datalen == 0 || datalen > cvalue_len) {
264 datalen = cvalue_len;
/* Response status string. */
278 if (tx->response_status != NULL) {
280 aft->
buffer->
size, (uint8_t *)bstr_ptr(tx->response_status),
281 bstr_len(tx->response_status));
/* Response header selected by name (the name argument is on an omitted
 * line). */
288 if (tx->response_headers != NULL) {
289 h_response_hdr = htp_table_get_c(tx->response_headers,
292 if (h_response_hdr != NULL) {
294 if (datalen == 0 || datalen > bstr_len(h_response_hdr->value)) {
295 datalen = bstr_len(h_response_hdr->value);
298 aft->
buffer->
size, (uint8_t *)bstr_ptr(h_response_hdr->value),
/* Unhandled specifier: "%%%c" prints a literal '%' followed by the node's
 * type character. Debug level only. */
311 SCLogDebug(
"No matching parameter %%%c for custom http log.", node->
type);
/*
 * Body fragment of a function whose signature is omitted from this listing.
 * Judging by the call LogHttpLogExtended(aft, tx) further down and the fields
 * handled here, this is probably the extended-format logger -- TODO confirm.
 * It handles the referer header, request method, request protocol, response
 * status and, for some redirects, the location header. All values come from
 * the parsed HTTP transaction, i.e. from network traffic. The first line of
 * each call that consumes these values is omitted; only the (pointer, length)
 * argument pairs are visible.
 */
323 htp_header_t *h_referer = NULL;
/* Look the header up only when the request has a header table. */
324 if (tx->request_headers != NULL) {
325 h_referer = htp_table_get_c(tx->request_headers,
"referer");
327 if (h_referer != NULL) {
329 (uint8_t *)bstr_ptr(h_referer->value),
330 bstr_len(h_referer->value));
/* Request method. */
338 if (tx->request_method != NULL) {
340 (uint8_t *)bstr_ptr(tx->request_method),
341 bstr_len(tx->request_method));
/* Request protocol. */
346 if (tx->request_protocol != NULL) {
348 (uint8_t *)bstr_ptr(tx->request_protocol),
349 bstr_len(tx->request_protocol));
/* Response status string. */
356 if (tx->response_status != NULL) {
358 (uint8_t *)bstr_ptr(tx->response_status),
359 bstr_len(tx->response_status));
/* Strictly between 300 and 303: for an integer status this selects 301 and
 * 302 only, so the target of other redirect codes (303, 307, 308) does not
 * appear in the log.
 * NOTE(review): no NULL check on tx->response_headers is visible before the
 * lookup below, unlike the request_headers lookups in this file. Confirm that
 * an omitted line guards it or that htp_table_get_c accepts a NULL table. */
361 if ((tx->response_status_number > 300) && ((tx->response_status_number) < 303)) {
362 htp_header_t *h_location = htp_table_get_c(tx->response_headers,
"location");
363 if (h_location != NULL) {
367 (uint8_t *)bstr_ptr(h_location->value),
368 bstr_len(h_location->value));
/*
 * Body fragment of a function whose signature is omitted from this listing
 * (the calls to LogHttpLogIPWrapper below suggest it is that function --
 * TODO confirm). It builds one log record for a transaction: either through
 * the custom formatter, or by emitting hostname, URI and user-agent followed
 * by the endpoint pair. The conditions that choose between these paths are on
 * omitted lines.
 */
/* Text form of the two addresses. 46 bytes equals INET6_ADDRSTRLEN, enough
 * for any textual IPv4 or IPv6 address including the terminator. */
391 char srcip[46], dstip[46];
425 SCLogDebug(
"got a HTTP request and now logging !!");
/* Custom format: the packet timestamp and both endpoints are handed over. */
431 LogHttpLogCustom(aft, tx, &p->
ts, srcip, sp, dstip, dp);
/* Hostname as recorded by the parser; client-supplied data. */
437 if (tx->request_hostname != NULL) {
439 (uint8_t *)bstr_ptr(tx->request_hostname),
440 bstr_len(tx->request_hostname));
/* Request URI; client-supplied data. */
447 if (tx->request_uri != NULL) {
449 (uint8_t *)bstr_ptr(tx->request_uri),
450 bstr_len(tx->request_uri));
/* User-Agent header, looked up only when a request header table exists. */
455 htp_header_t *h_user_agent = NULL;
456 if (tx->request_headers != NULL) {
457 h_user_agent = htp_table_get_c(tx->request_headers,
"user-agent");
459 if (h_user_agent != NULL) {
461 (uint8_t *)bstr_ptr(h_user_agent->value),
462 bstr_len(h_user_agent->value));
/* Extended fields; the condition guarding this call is omitted. */
467 LogHttpLogExtended(aft, tx);
/* Visible tail of a format string: "src:port -> dst:port" and the newline
 * that ends the record. PRIu16 matches a 16-bit unsigned port value. */
473 "%s:%" PRIu16
" -> %s:%" PRIu16
"\n",
474 srcip, sp, dstip, dp);
/* Dispatch by address family: the same wrapper is called with AF_INET or
 * AF_INET6 as the last argument. The condition selecting the branch and the
 * enclosing function's signature are omitted from this listing. state and tx
 * are cast to HtpState * and htp_tx_t * at the call. */
497 r = LogHttpLogIPWrapper(
tv, thread_data, p, f, (
HtpState *)state, (htp_tx_t *)tx, tx_id, AF_INET);
499 r = LogHttpLogIPWrapper(
tv, thread_data, p, f, (
HtpState *)state, (htp_tx_t *)tx, tx_id, AF_INET6);
/* Fragment of the per-thread setup (signature omitted from this listing).
 * The message is emitted when the "initdata" argument is NULL; the test
 * itself is on an omitted line. */
514 SCLogDebug(
"Error getting context for LogHTTPLog. \"initdata\" argument NULL");
/* The thread's output buffer must exist before anything is logged;
 * presumably this is the allocation-failure check, with the allocation and
 * the error path on omitted lines -- TODO confirm. */
520 if (aft->
buffer == NULL) {
/* Fragment of the output-context initialisation (signature omitted from this
 * listing). Each visible check guards one setup step; the failure paths are
 * on omitted lines. */
/* No log file context available. */
555 if(file_ctx == NULL) {
/* httplog_ctx missing, presumably after a failed allocation; unlikely() is
 * conventionally a branch-prediction hint (its definition is not shown). */
566 if (
unlikely(httplog_ctx == NULL)) {
/* The custom format is used only when both the "custom" and "customformat"
 * settings exist and ConfValIsTrue accepts the "custom" value. */
579 if (custom != NULL && customformat != NULL &&
ConfValIsTrue(custom)) {
/* Custom-format state (cf) is absent; presumably its allocation failed. */
582 if (!httplog_ctx->
cf) {
/* "extended" setting absent from the configuration. */
593 if (extended == NULL) {
/* Attach the module context and register the teardown callback. */
607 output_ctx->
data = httplog_ctx;
608 output_ctx->
DeInit = LogHttpLogDeInitCtx;
/* Hand the finished context back through the result structure. */
615 result.
ctx = output_ctx;
629 static void LogHttpLogDeInitCtx(
OutputCtx *output_ctx)