suricata
Functions
output-json-alert.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

void JsonAlertLogRegister (void)
 
void AlertJsonHeader (void *ctx, const Packet *p, const PacketAlert *pa, JsonBuilder *js, uint16_t flags, JsonAddrInfo *addr, char *xff_buffer)
 
void EveAddVerdict (JsonBuilder *jb, const Packet *p)
 Build verdict object. More...
 

Detailed Description

Author
Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

Logs alerts in JSON format.

Definition in file output-json-alert.h.

Function Documentation

◆ AlertJsonHeader()

void AlertJsonHeader ( void *  ctx,
const Packet p,
const PacketAlert pa,
JsonBuilder *  js,
uint16_t  flags,
JsonAddrInfo addr,
char *  xff_buffer 
)

Definition at line 184 of file output-json-alert.c.

References PacketAlert_::action, ACTION_DROP, ACTION_DROP_REJECT, ACTION_REJECT_ANY, Signature_::class_msg, EngineModeIsIPS(), PacketAlert_::flags, Signature_::flags, Signature_::gid, Signature_::id, Signature_::msg, PACKET_ALERT_FLAG_TX, PACKET_ALERT_RATE_FILTER_MODIFIED, PacketCheckAction(), Signature_::prio, Signature_::rev, PacketAlert_::s, SIG_FLAG_HAS_TARGET, Packet_::tenant_id, PacketAlert_::tx_id, and unlikely.

Here is the call graph for this function:

◆ EveAddVerdict()

void EveAddVerdict ( JsonBuilder *  jb,
const Packet p 
)

Build verdict object.

Parameters
pPointer to Packet current being logged

Definition at line 465 of file output-json-alert.c.

References PacketAlert_::action, ACTION_DROP, ACTION_PASS, ACTION_REJECT, ACTION_REJECT_ANY, ACTION_REJECT_BOTH, ACTION_REJECT_DST, PacketAlerts_::alerts, Packet_::alerts, PacketAlerts_::cnt, EngineModeIsIPS(), JB_SET_STRING, PacketCheckAction(), and Packet_::proto.

Here is the call graph for this function:

◆ JsonAlertLogRegister()

void JsonAlertLogRegister ( void  )

Definition at line 1003 of file output-json-alert.c.

References LOGGER_JSON_ALERT, MODULE_NAME, and OutputRegisterPacketSubModule().

Here is the call graph for this function: