#include "suricata-common.h"#include "packet.h"#include "detect.h"#include "flow.h"#include "conf.h"#include "stream.h"#include "threadvars.h"#include "util-debug.h"#include "stream-tcp.h"#include "util-logopenfile.h"#include "util-misc.h"#include "util-time.h"#include "detect-engine.h"#include "detect-metadata.h"#include "app-layer-parser.h"#include "app-layer-dnp3.h"#include "app-layer-htp-xff.h"#include "app-layer-ftp.h"#include "app-layer-frames.h"#include "log-pcap.h"#include "output.h"#include "output-json.h"#include "output-json-alert.h"#include "output-json-dnp3.h"#include "output-json-dns.h"#include "output-json-http.h"#include "output-json-tls.h"#include "rust.h"#include "output-json-smtp.h"#include "output-json-email-common.h"#include "output-json-nfs.h"#include "output-json-smb.h"#include "output-json-flow.h"#include "output-json-mqtt.h"#include "output-json-ike.h"#include "output-json-frame.h"#include "util-print.h"#include "util-optimize.h"#include "util-buffer.h"#include "util-validate.h"#include "action-globals.h"
Go to the source code of this file.
Data Structures | |
| struct | AlertJsonOutputCtx_ |
| struct | JsonAlertLogThread_ |
| struct | AlertJsonStreamDataCallbackData |
Macros | |
| #define | MODULE_NAME "JsonAlertLog" |
| #define | LOG_JSON_PAYLOAD BIT_U16(0) |
| #define | LOG_JSON_PACKET BIT_U16(1) |
| #define | LOG_JSON_PAYLOAD_BASE64 BIT_U16(2) |
| #define | LOG_JSON_TAGGED_PACKETS BIT_U16(3) |
| #define | LOG_JSON_APP_LAYER BIT_U16(4) |
| #define | LOG_JSON_FLOW BIT_U16(5) |
| #define | LOG_JSON_HTTP_BODY BIT_U16(6) |
| #define | LOG_JSON_HTTP_BODY_BASE64 BIT_U16(7) |
| #define | LOG_JSON_RULE_METADATA BIT_U16(8) |
| #define | LOG_JSON_RULE BIT_U16(9) |
| #define | LOG_JSON_VERDICT BIT_U16(10) |
| #define | LOG_JSON_WEBSOCKET_PAYLOAD BIT_U16(11) |
| #define | LOG_JSON_WEBSOCKET_PAYLOAD_BASE64 BIT_U16(12) |
| #define | METADATA_DEFAULTS |
| #define | JSON_BODY_LOGGING |
| #define | JSON_STREAM_BUFFER_SIZE 4096 |
| #define | DEFAULT_LOG_FILENAME "alert.json" |
Typedefs | |
| typedef struct AlertJsonOutputCtx_ | AlertJsonOutputCtx |
| typedef struct JsonAlertLogThread_ | JsonAlertLogThread |
Functions | |
| void | AlertJsonHeader (void *ctx, const Packet *p, const PacketAlert *pa, JsonBuilder *js, uint16_t flags, JsonAddrInfo *addr, char *xff_buffer) |
| void | EveAddVerdict (JsonBuilder *jb, const Packet *p) |
| Build verdict object. More... | |
| void | JsonAlertLogRegister (void) |
Detailed Description
Logs alerts in JSON format.
Definition in file output-json-alert.c.
Macro Definition Documentation
◆ DEFAULT_LOG_FILENAME
| #define DEFAULT_LOG_FILENAME "alert.json" |
Definition at line 862 of file output-json-alert.c.
◆ JSON_BODY_LOGGING
| #define JSON_BODY_LOGGING |
Definition at line 96 of file output-json-alert.c.
◆ JSON_STREAM_BUFFER_SIZE
| #define JSON_STREAM_BUFFER_SIZE 4096 |
Definition at line 100 of file output-json-alert.c.
◆ LOG_JSON_APP_LAYER
| #define LOG_JSON_APP_LAYER BIT_U16(4) |
Definition at line 82 of file output-json-alert.c.
◆ LOG_JSON_FLOW
| #define LOG_JSON_FLOW BIT_U16(5) |
Definition at line 83 of file output-json-alert.c.
◆ LOG_JSON_HTTP_BODY
| #define LOG_JSON_HTTP_BODY BIT_U16(6) |
Definition at line 84 of file output-json-alert.c.
◆ LOG_JSON_HTTP_BODY_BASE64
| #define LOG_JSON_HTTP_BODY_BASE64 BIT_U16(7) |
Definition at line 85 of file output-json-alert.c.
◆ LOG_JSON_PACKET
| #define LOG_JSON_PACKET BIT_U16(1) |
Definition at line 79 of file output-json-alert.c.
◆ LOG_JSON_PAYLOAD
| #define LOG_JSON_PAYLOAD BIT_U16(0) |
Definition at line 78 of file output-json-alert.c.
◆ LOG_JSON_PAYLOAD_BASE64
| #define LOG_JSON_PAYLOAD_BASE64 BIT_U16(2) |
Definition at line 80 of file output-json-alert.c.
◆ LOG_JSON_RULE
| #define LOG_JSON_RULE BIT_U16(9) |
Definition at line 87 of file output-json-alert.c.
◆ LOG_JSON_RULE_METADATA
| #define LOG_JSON_RULE_METADATA BIT_U16(8) |
Definition at line 86 of file output-json-alert.c.
◆ LOG_JSON_TAGGED_PACKETS
| #define LOG_JSON_TAGGED_PACKETS BIT_U16(3) |
Definition at line 81 of file output-json-alert.c.
◆ LOG_JSON_VERDICT
| #define LOG_JSON_VERDICT BIT_U16(10) |
Definition at line 88 of file output-json-alert.c.
◆ LOG_JSON_WEBSOCKET_PAYLOAD
| #define LOG_JSON_WEBSOCKET_PAYLOAD BIT_U16(11) |
Definition at line 89 of file output-json-alert.c.
◆ LOG_JSON_WEBSOCKET_PAYLOAD_BASE64
| #define LOG_JSON_WEBSOCKET_PAYLOAD_BASE64 BIT_U16(12) |
Definition at line 90 of file output-json-alert.c.
◆ METADATA_DEFAULTS
| #define METADATA_DEFAULTS |
Definition at line 92 of file output-json-alert.c.
◆ MODULE_NAME
| #define MODULE_NAME "JsonAlertLog" |
Definition at line 76 of file output-json-alert.c.
Typedef Documentation
◆ AlertJsonOutputCtx
| typedef struct AlertJsonOutputCtx_ AlertJsonOutputCtx |
◆ JsonAlertLogThread
| typedef struct JsonAlertLogThread_ JsonAlertLogThread |
Function Documentation
◆ AlertJsonHeader()
| void AlertJsonHeader | ( | void * | ctx, |
| const Packet * | p, | ||
| const PacketAlert * | pa, | ||
| JsonBuilder * | js, | ||
| uint16_t | flags, | ||
| JsonAddrInfo * | addr, | ||
| char * | xff_buffer | ||
| ) |
Definition at line 184 of file output-json-alert.c.
References PacketAlert_::action, ACTION_DROP, ACTION_DROP_REJECT, ACTION_REJECT_ANY, Signature_::class_msg, EngineModeIsIPS(), PacketAlert_::flags, Signature_::flags, Signature_::gid, Signature_::id, Signature_::msg, PACKET_ALERT_FLAG_TX, PACKET_ALERT_RATE_FILTER_MODIFIED, PacketCheckAction(), Signature_::prio, Signature_::rev, PacketAlert_::s, SIG_FLAG_HAS_TARGET, Packet_::tenant_id, PacketAlert_::tx_id, and unlikely.
◆ EveAddVerdict()
| void EveAddVerdict | ( | JsonBuilder * | jb, |
| const Packet * | p | ||
| ) |
Build verdict object.
- Parameters
-
p Pointer to Packet current being logged
Definition at line 465 of file output-json-alert.c.
References PacketAlert_::action, ACTION_DROP, ACTION_PASS, ACTION_REJECT, ACTION_REJECT_ANY, ACTION_REJECT_BOTH, ACTION_REJECT_DST, PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, EngineModeIsIPS(), JB_SET_STRING, PacketCheckAction(), and Packet_::proto.
◆ JsonAlertLogRegister()
| void JsonAlertLogRegister | ( | void | ) |
Definition at line 1001 of file output-json-alert.c.
References LOGGER_JSON_ALERT, MODULE_NAME, and OutputRegisterPacketSubModule().
