suricata
Functions
output-json-alert.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

void JsonAlertLogRegister (void)
 
void AlertJsonHeader (const Packet *p, const PacketAlert *pa, SCJsonBuilder *js, uint16_t flags, JsonAddrInfo *addr, char *xff_buffer)
 
void EveAddVerdict (SCJsonBuilder *jb, const Packet *p, const uint8_t alert_action)
 Build verdict object. More...
 

Detailed Description

Author
Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

Logs alerts in JSON format.

Definition in file output-json-alert.h.

Function Documentation

◆ AlertJsonHeader()

void AlertJsonHeader ( const Packet p,
const PacketAlert pa,
SCJsonBuilder *  js,
uint16_t  flags,
JsonAddrInfo addr,
char *  xff_buffer 
)

Definition at line 203 of file output-json-alert.c.

References PacketAlert_::action, ACTION_DROP, ACTION_DROP_REJECT, ACTION_REJECT_ANY, Signature_::class_msg, EngineModeIsIPS(), PacketAlert_::flags, Signature_::flags, Signature_::gid, Signature_::id, Signature_::msg, PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED, PACKET_ALERT_FLAG_TX, PACKET_ALERT_FLAG_TX_GUESSED, PacketCheckAction(), Signature_::prio, Signature_::rev, PacketAlert_::s, SIG_FLAG_HAS_TARGET, Packet_::tenant_id, PacketAlert_::tx_id, and unlikely.

Here is the call graph for this function:

◆ EveAddVerdict()

void EveAddVerdict ( SCJsonBuilder *  jb,
const Packet p,
const uint8_t  alert_action 
)

Build verdict object.

Parameters
pPointer to Packet current being logged
alert_actionaction bitfield from the alert: only used for ACTION_PASS

Definition at line 540 of file output-json-alert.c.

References ACTION_ACCEPT, ACTION_DROP, ACTION_PASS, ACTION_REJECT, ACTION_REJECT_ANY, ACTION_REJECT_BOTH, ACTION_REJECT_DST, EngineModeIsIPS(), JB_SET_STRING, PacketGetAction(), Packet_::pcap_cnt, Packet_::proto, and SCLogDebug.

Here is the call graph for this function:

◆ JsonAlertLogRegister()

void JsonAlertLogRegister ( void  )

Definition at line 1109 of file output-json-alert.c.

References OutputPacketLoggerFunctions_::LogFunc.