Go to the source code of this file.
Functions | |
| void | JsonAlertLogRegister (void) |
| void | AlertJsonHeader (const Packet *p, const PacketAlert *pa, SCJsonBuilder *js, uint16_t flags, JsonAddrInfo *addr, char *xff_buffer) |
| void | EveAddVerdict (SCJsonBuilder *jb, const Packet *p) |
| Build verdict object. More... | |
Detailed Description
Logs alerts in JSON format.
Definition in file output-json-alert.h.
Function Documentation
◆ AlertJsonHeader()
| void AlertJsonHeader | ( | const Packet * | p, |
| const PacketAlert * | pa, | ||
| SCJsonBuilder * | js, | ||
| uint16_t | flags, | ||
| JsonAddrInfo * | addr, | ||
| char * | xff_buffer | ||
| ) |
Definition at line 203 of file output-json-alert.c.
References PacketAlert_::action, ACTION_DROP, ACTION_DROP_REJECT, ACTION_REJECT_ANY, Signature_::class_msg, EngineModeIsIPS(), PacketAlert_::flags, Signature_::flags, Signature_::gid, Signature_::id, Signature_::msg, PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED, PACKET_ALERT_FLAG_TX, PACKET_ALERT_FLAG_TX_GUESSED, PacketCheckAction(), Signature_::prio, Signature_::rev, PacketAlert_::s, SIG_FLAG_HAS_TARGET, Packet_::tenant_id, PacketAlert_::tx_id, and unlikely.
◆ EveAddVerdict()
| void EveAddVerdict | ( | SCJsonBuilder * | jb, |
| const Packet * | p | ||
| ) |
Build verdict object.
- Parameters
-
p Pointer to Packet current being logged
Definition at line 546 of file output-json-alert.c.
References PacketAlert_::action, ACTION_ACCEPT, ACTION_DROP, ACTION_PASS, ACTION_REJECT, ACTION_REJECT_ANY, ACTION_REJECT_BOTH, ACTION_REJECT_DST, PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, EngineModeIsIPS(), JB_SET_STRING, PacketCheckAction(), and Packet_::proto.
◆ JsonAlertLogRegister()
| void JsonAlertLogRegister | ( | void | ) |
Definition at line 1113 of file output-json-alert.c.
References OutputPacketLoggerFunctions_::LogFunc.
