109 json_object_set_new(js,
"http", hjs);
114 json_object_set_new(js,
"smtp", hjs);
117 json_object_set_new(js,
"email", hjs);
122 json_object_set_new(js,
"rpc", hjs);
125 json_object_set_new(js,
"nfs", hjs);
130 json_object_set_new(js,
"smb", hjs);
134 json_object_set_new(js,
"app_proto",
137 json_t *fjs = json_object();
143 size_t filename_size = ff->
name_len * 2 + 1;
144 char filename_string[filename_size];
146 json_object_set_new(fjs,
"filename",
SCJsonString(filename_string));
148 json_t *sig_ids = json_array();
154 for (uint32_t i = 0; ff->
sid != NULL && i < ff->
sid_cnt; i++) {
155 json_array_append_new(sig_ids, json_integer(ff->
sid[i]));
157 json_object_set_new(fjs,
"sid", sig_ids);
161 json_object_set_new(fjs,
"magic", json_string((
char *)ff->magic));
166 json_object_set_new(fjs,
"state", json_string(
"CLOSED"));
172 for (i = 0, x = 0; x <
sizeof(ff->md5); x++) {
173 i += snprintf(&str[i], 255-i,
"%02x", ff->md5[x]);
175 json_object_set_new(fjs,
"md5", json_string(str));
181 for (i = 0, x = 0; x <
sizeof(ff->sha1); x++) {
182 i += snprintf(&str[i], 255-i,
"%02x", ff->sha1[x]);
184 json_object_set_new(fjs,
"sha1", json_string(str));
189 json_object_set_new(fjs,
"state", json_string(
"TRUNCATED"));
192 json_object_set_new(fjs,
"state", json_string(
"ERROR"));
195 json_object_set_new(fjs,
"state", json_string(
"UNKNOWN"));
204 for (i = 0, x = 0; x <
sizeof(ff->sha256); x++) {
205 i += snprintf(&str[i], 255-i,
"%02x", ff->sha256[x]);
207 json_object_set_new(fjs,
"sha256", json_string(str));
211 json_object_set_new(fjs,
"stored", stored ? json_true() : json_false());
213 json_object_set_new(fjs,
"file_id", json_integer(ff->
file_store_id));
217 json_object_set_new(fjs,
"start", json_integer(ff->
start));
218 json_object_set_new(fjs,
"end", json_integer(ff->
end));
220 json_object_set_new(fjs,
"tx_id", json_integer(ff->
txid));
233 json_object_set_new(js,
"xff", json_string(buffer));
237 json_object_set(js,
"dest_ip", json_string(buffer));
239 json_object_set(js,
"src_ip", json_string(buffer));
246 json_object_set_new(js,
"fileinfo", fjs);
256 const File *ff, uint32_t dir)
271 static int JsonFileLogger(
ThreadVars *tv,
void *thread_data,
const Packet *p,
272 const File *ff, uint8_t dir)
281 FileWriteJsonRecord(aft, p, ff, dir);
286 static TmEcode JsonFileLogThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
295 SCLogDebug(
"Error getting context for EveLogFile. \"initdata\" argument NULL");
304 if (aft->
buffer == NULL) {
328 static void OutputFileLogDeinitSub(
OutputCtx *output_ctx)
348 if (
unlikely(output_file_ctx == NULL))
361 if (force_filestore != NULL &&
ConfValIsTrue(force_filestore)) {
369 SCLogConfig(
"forcing magic lookup for logged files");
377 if (output_file_ctx->
xff_cfg != NULL) {
384 output_ctx->
data = output_file_ctx;
385 output_ctx->
DeInit = OutputFileLogDeinitSub;
388 result.
ctx = output_ctx;
397 "eve-log.files", OutputFileLogInitSub, JsonFileLogger,
398 JsonFileLogThreadInit, JsonFileLogThreadDeinit, NULL);
MemBuffer * MemBufferCreateNew(uint32_t size)
json_t * JsonSMTPAddMetadata(const Flow *f, uint64_t tx_id)
#define JSON_OUTPUT_BUFFER_SIZE
json_t * CreateJSONHeader(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type)
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer)
json_t * JsonSMBAddMetadata(const Flow *f, uint64_t tx_id)
void HttpXFFGetCfg(ConfNode *conf, HttpXFFCfg *result)
Function to return XFF configuration from a configuration node.
#define MemBufferReset(mem_buffer)
Reset the mem buffer.
OutputFileCtx * filelog_ctx
void(* DeInit)(struct OutputCtx_ *)
AppProto FlowGetAppProtocol(const Flow *f)
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
struct OutputFileCtx_ OutputFileCtx
json_t * JsonHttpAddMetadata(const Flow *f, uint64_t tx_id)
json_t * JsonBuildFileInfoRecord(const Packet *p, const File *ff, const bool stored, uint8_t dir, HttpXFFCfg *xff_cfg)
#define json_boolean(val)
void FileForceTrackingEnable(void)
struct JsonFileLogThread_ JsonFileLogThread
HttpXFFCfg * parent_xff_cfg
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
void OutputRegisterFileSubModule(LoggerId id, const char *parent_name, const char *name, const char *conf_name, OutputInitSubFunc InitFunc, FileLogger FileLogFunc, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
Register a file output sub-module.
json_t * JsonNFSAddMetadataRPC(const Flow *f, uint64_t tx_id)
json_t * JsonEmailAddMetadata(const Flow *f, uint32_t tx_id)
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
int HttpXFFGetIPFromTx(const Flow *f, uint64_t tx_id, HttpXFFCfg *xff_cfg, char *dstbuf, int dstbuflen)
Function to return XFF IP if any in the selected transaction. The caller needs to lock the flow...
void FileForceHashParseCfg(ConfNode *conf)
Function to parse forced file hashing configuration.
void FileForceMagicEnable(void)
void BytesToStringBuffer(const uint8_t *bytes, size_t nbytes, char *outstr, size_t outlen)
Turn byte array into string.
void FileForceFilestoreEnable(void)
json_t * SCJsonString(const char *val)
json_t * JsonNFSAddMetadata(const Flow *f, uint64_t tx_id)
int ConfValIsTrue(const char *val)
Check if a value is true.
void JsonFileLogRegister(void)
uint64_t FileTrackedSize(const File *file)
get the size of the file
Per thread variable structure.
#define FLOW_PKT_TOCLIENT
AppProto alproto
application level protocol
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
void MemBufferFree(MemBuffer *buffer)
#define DEBUG_VALIDATE_BUG_ON(exp)