suricata
Functions
output-json-alert.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

void JsonAlertLogRegister (void)
 
void AlertJsonHeader (void *ctx, const Packet *p, const PacketAlert *pa, json_t *js, uint16_t flags)
 

Detailed Description

Author
Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

Logs alerts in JSON format.

Definition in file output-json-alert.h.

Function Documentation

void AlertJsonHeader ( void *  ctx,
const Packet p,
const PacketAlert pa,
json_t *  js,
uint16_t  flags 
)

Definition at line 295 of file output-json-alert.c.

References PacketAlert_::action, ACTION_DROP, ACTION_REJECT, ACTION_REJECT_BOTH, ACTION_REJECT_DST, AlertJsonHeader(), PacketAlerts_::alerts, Packet_::alerts, Flow_::alproto, ALPROTO_DNP3, ALPROTO_DNS, ALPROTO_FTPDATA, ALPROTO_HTTP, ALPROTO_NFS, ALPROTO_SIP, ALPROTO_SMB, ALPROTO_SMTP, ALPROTO_SSH, ALPROTO_TLS, AppProtoToString(), Base64Encode(), MemBuffer_::buffer, AlertJsonOutputCtx_::cfg, Signature_::class_msg, PacketAlerts_::cnt, ConfNodeLookupChildValue(), ConfValIsTrue(), CreateIsoTimeString(), CreateJSONHeader(), OutputCtx_::data, DEBUG_VALIDATE_BUG_ON, EngineModeIsIPS(), FALSE, AlertJsonOutputCtx_::file_ctx, JsonAlertLogThread_::file_ctx, HttpXFFCfg_::flags, AlertJsonOutputCtx_::flags, PacketAlert_::flags, Packet_::flags, Signature_::flags, Packet_::flow, FLOW_PKT_TOCLIENT, FLOW_PKT_TOSERVER, Packet_::flowflags, FlowGetAppProtocol(), Signature_::gid, HttpXFFGetIP(), HttpXFFGetIPFromTx(), Signature_::id, IS_TUNNEL_PKT, JsonAlertLogThread_::json_buffer, JSON_OUTPUT_BUFFER_SIZE, JsonAlertLogThread_::json_output_ctx, JsonAddCommonOptions(), JsonAddFlow(), JsonEmailAddMetadata(), JsonFiveTuple(), JsonFTPDataAddMetadata(), JsonHttpAddMetadata(), JsonHttpLogJSONBodyBase64(), JsonHttpLogJSONBodyPrintable(), JsonNFSAddMetadata(), JsonNFSAddMetadataRPC(), JsonPacket(), JsonSIPAddMetadata(), JsonSMBAddMetadata(), JsonSMTPAddMetadata(), len, LOG_DIR_PACKET, LOG_JSON_APP_LAYER, LOG_JSON_FLOW, LOG_JSON_HTTP_BODY, LOG_JSON_HTTP_BODY_BASE64, LOG_JSON_PACKET, LOG_JSON_PAYLOAD, LOG_JSON_PAYLOAD_BASE64, LOG_JSON_RULE, LOG_JSON_RULE_METADATA, LOG_JSON_TAGGED_PACKETS, LogFileFreeCtx(), m, MemBufferCreateNew(), MemBufferFree(), MemBufferReset, Signature_::msg, MemBuffer_::offset, offset, OutputJSONBuffer(), PACKET_ALERT_FLAG_STATE_MATCH, PACKET_ALERT_FLAG_STREAM_MATCH, PACKET_ALERT_FLAG_TX, PACKET_ALERT_RATE_FILTER_MODIFIED, PACKET_TEST_ACTION, AlertJsonOutputCtx_::parent_xff_cfg, Packet_::payload, JsonAlertLogThread_::payload_buffer, AlertJsonOutputCtx_::payload_buffer_size, Packet_::payload_len, PKT_HAS_TAG, PKT_IS_IPV4, PKT_IS_IPV6, PrintStringsToBuffer(), Signature_::prio, proto, Packet_::proto, Packet_::recursion_level, Signature_::rev, Packet_::root, PacketAlert_::s, SC_BASE64_OK, SCFree, SCJsonString(), SCLogDebug, SCMalloc, SCMutex, SCMutexLock, SCMutexUnlock, SIG_FLAG_HAS_TARGET, Signature_::sig_str, StreamSegmentForEach(), Packet_::tenant_id, TM_ECODE_FAILED, TM_ECODE_OK, TRUE, Packet_::ts, Packet_::tunnel_mutex, PacketAlert_::tx_id, unlikely, AlertJsonOutputCtx_::xff_cfg, XFF_DISABLED, XFF_EXTRADATA, XFF_MAXLEN, and XFF_OVERWRITE.

Referenced by AlertJsonHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

void JsonAlertLogRegister ( void  )

Definition at line 990 of file output-json-alert.c.

References LOGGER_JSON_ALERT, MODULE_NAME, OutputRegisterPacketModule(), and OutputRegisterPacketSubModule().

Referenced by OutputRegisterLoggers().

Here is the call graph for this function:

Here is the caller graph for this function: