suricata
output-json-http.c File Reference
#include "suricata-common.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "app-layer-htp.h"
#include "app-layer-htp-file.h"
#include "app-layer-htp-xff.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
#include "output-json.h"
#include "output-json-alert.h"
#include "output-json-http.h"
#include "util-byte.h"

Data Structures

struct  LogHttpFileCtx_
 
struct  JsonHttpLogThread_
 

Macros

#define MAX_SIZE_HEADER_NAME   256
 
#define MAX_SIZE_HEADER_VALUE   2048
 
#define LOG_HTTP_DEFAULT   0
 
#define LOG_HTTP_EXTENDED   1
 
#define LOG_HTTP_REQUEST   2 /* request field */
 
#define LOG_HTTP_ARRAY   4 /* require array handling */
 
#define LOG_HTTP_REQ_HEADERS   8
 
#define LOG_HTTP_RES_HEADERS   16
 

Typedefs

typedef struct LogHttpFileCtx_ LogHttpFileCtx
 
typedef struct JsonHttpLogThread_ JsonHttpLogThread
 

Enumerations

enum  HttpField {
  HTTP_FIELD_ACCEPT = 0, HTTP_FIELD_ACCEPT_CHARSET, HTTP_FIELD_ACCEPT_ENCODING, HTTP_FIELD_ACCEPT_LANGUAGE,
  HTTP_FIELD_ACCEPT_DATETIME, HTTP_FIELD_AUTHORIZATION, HTTP_FIELD_CACHE_CONTROL, HTTP_FIELD_COOKIE,
  HTTP_FIELD_FROM, HTTP_FIELD_MAX_FORWARDS, HTTP_FIELD_ORIGIN, HTTP_FIELD_PRAGMA,
  HTTP_FIELD_PROXY_AUTHORIZATION, HTTP_FIELD_RANGE, HTTP_FIELD_TE, HTTP_FIELD_VIA,
  HTTP_FIELD_X_REQUESTED_WITH, HTTP_FIELD_DNT, HTTP_FIELD_X_FORWARDED_PROTO, HTTP_FIELD_X_AUTHENTICATED_USER,
  HTTP_FIELD_X_FLASH_VERSION, HTTP_FIELD_ACCEPT_RANGES, HTTP_FIELD_AGE, HTTP_FIELD_ALLOW,
  HTTP_FIELD_CONNECTION, HTTP_FIELD_CONTENT_ENCODING, HTTP_FIELD_CONTENT_LANGUAGE, HTTP_FIELD_CONTENT_LENGTH,
  HTTP_FIELD_CONTENT_LOCATION, HTTP_FIELD_CONTENT_MD5, HTTP_FIELD_CONTENT_RANGE, HTTP_FIELD_CONTENT_TYPE,
  HTTP_FIELD_DATE, HTTP_FIELD_ETAG, HTTP_FIELD_EXPIRES, HTTP_FIELD_LAST_MODIFIED,
  HTTP_FIELD_LINK, HTTP_FIELD_LOCATION, HTTP_FIELD_PROXY_AUTHENTICATE, HTTP_FIELD_REFERRER,
  HTTP_FIELD_REFRESH, HTTP_FIELD_RETRY_AFTER, HTTP_FIELD_SERVER, HTTP_FIELD_SET_COOKIE,
  HTTP_FIELD_TRAILER, HTTP_FIELD_TRANSFER_ENCODING, HTTP_FIELD_UPGRADE, HTTP_FIELD_VARY,
  HTTP_FIELD_WARNING, HTTP_FIELD_WWW_AUTHENTICATE, HTTP_FIELD_TRUE_CLIENT_IP, HTTP_FIELD_ORG_SRC_IP,
  HTTP_FIELD_X_BLUECOAT_VIA, HTTP_FIELD_SIZE
}
 

Functions

void EveHttpLogJSONBodyPrintable (JsonBuilder *js, Flow *f, uint64_t tx_id)
 
void EveHttpLogJSONBodyBase64 (JsonBuilder *js, Flow *f, uint64_t tx_id)
 
bool EveHttpAddMetadata (const Flow *f, uint64_t tx_id, JsonBuilder *js)
 
void JsonHttpLogRegister (void)
 

Variables

struct {
   const char *   config_field
 
   const char *   htp_field
 
   uint32_t   flags
 
} http_fields []
 

Detailed Description

Author
Tom DeCanio td@npulsetech.com

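Implements the HTTP JSON logging portion of the engine.

Note for deployments: the HttpField list includes credential-bearing headers (HTTP_FIELD_AUTHORIZATION, HTTP_FIELD_PROXY_AUTHORIZATION, HTTP_FIELD_COOKIE, HTTP_FIELD_SET_COOKIE, HTTP_FIELD_X_AUTHENTICATED_USER). When such fields are selected for logging, or when whole-header logging is on (the LOG_HTTP_REQ_HEADERS / LOG_HTTP_RES_HEADERS flags appear to control this), their values are written to the JSON output, so the log files and any downstream pipeline need the same access control and retention handling as the secrets they may contain. MAX_SIZE_HEADER_NAME and MAX_SIZE_HEADER_VALUE look like caps on the logged header name and value lengths; if so, longer headers are truncated in the output, which matters for detections that match on logged header content. Confirm both points against the source.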

Definition in file output-json-http.c.

Macro Definition Documentation

◆ LOG_HTTP_ARRAY

#define LOG_HTTP_ARRAY   4 /* require array handling */

Definition at line 77 of file output-json-http.c.

◆ LOG_HTTP_DEFAULT

#define LOG_HTTP_DEFAULT   0

Definition at line 74 of file output-json-http.c.

◆ LOG_HTTP_EXTENDED

#define LOG_HTTP_EXTENDED   1

Definition at line 75 of file output-json-http.c.

◆ LOG_HTTP_REQ_HEADERS

#define LOG_HTTP_REQ_HEADERS   8

Definition at line 78 of file output-json-http.c.

◆ LOG_HTTP_REQUEST

#define LOG_HTTP_REQUEST   2 /* request field */

Definition at line 76 of file output-json-http.c.

◆ LOG_HTTP_RES_HEADERS

#define LOG_HTTP_RES_HEADERS   16

Definition at line 79 of file output-json-http.c.

◆ MAX_SIZE_HEADER_NAME

#define MAX_SIZE_HEADER_NAME   256

Definition at line 71 of file output-json-http.c.

◆ MAX_SIZE_HEADER_VALUE

#define MAX_SIZE_HEADER_VALUE   2048

Definition at line 72 of file output-json-http.c.

Typedef Documentation

◆ JsonHttpLogThread

◆ LogHttpFileCtx

Enumeration Type Documentation

◆ HttpField

enum HttpField
Enumerator
HTTP_FIELD_ACCEPT 
HTTP_FIELD_ACCEPT_CHARSET 
HTTP_FIELD_ACCEPT_ENCODING 
HTTP_FIELD_ACCEPT_LANGUAGE 
HTTP_FIELD_ACCEPT_DATETIME 
HTTP_FIELD_AUTHORIZATION 
HTTP_FIELD_CACHE_CONTROL 
HTTP_FIELD_COOKIE 
HTTP_FIELD_FROM 
HTTP_FIELD_MAX_FORWARDS 
HTTP_FIELD_ORIGIN 
HTTP_FIELD_PRAGMA 
HTTP_FIELD_PROXY_AUTHORIZATION 
HTTP_FIELD_RANGE 
HTTP_FIELD_TE 
HTTP_FIELD_VIA 
HTTP_FIELD_X_REQUESTED_WITH 
HTTP_FIELD_DNT 
HTTP_FIELD_X_FORWARDED_PROTO 
HTTP_FIELD_X_AUTHENTICATED_USER 
HTTP_FIELD_X_FLASH_VERSION 
HTTP_FIELD_ACCEPT_RANGES 
HTTP_FIELD_AGE 
HTTP_FIELD_ALLOW 
HTTP_FIELD_CONNECTION 
HTTP_FIELD_CONTENT_ENCODING 
HTTP_FIELD_CONTENT_LANGUAGE 
HTTP_FIELD_CONTENT_LENGTH 
HTTP_FIELD_CONTENT_LOCATION 
HTTP_FIELD_CONTENT_MD5 
HTTP_FIELD_CONTENT_RANGE 
HTTP_FIELD_CONTENT_TYPE 
HTTP_FIELD_DATE 
HTTP_FIELD_ETAG 
HTTP_FIELD_EXPIRES 
HTTP_FIELD_LAST_MODIFIED 
HTTP_FIELD_LINK 
HTTP_FIELD_LOCATION 
HTTP_FIELD_PROXY_AUTHENTICATE 
HTTP_FIELD_REFERRER 
HTTP_FIELD_REFRESH 
HTTP_FIELD_RETRY_AFTER 
HTTP_FIELD_SERVER 
HTTP_FIELD_SET_COOKIE 
HTTP_FIELD_TRAILER 
HTTP_FIELD_TRANSFER_ENCODING 
HTTP_FIELD_UPGRADE 
HTTP_FIELD_VARY 
HTTP_FIELD_WARNING 
HTTP_FIELD_WWW_AUTHENTICATE 
HTTP_FIELD_TRUE_CLIENT_IP 
HTTP_FIELD_ORG_SRC_IP 
HTTP_FIELD_X_BLUECOAT_VIA 
HTTP_FIELD_SIZE 

Definition at line 80 of file output-json-http.c.

Function Documentation

◆ EveHttpAddMetadata()

bool EveHttpAddMetadata ( const Flow *  f,
uint64_t  tx_id,
JsonBuilder *  js 
)

Definition at line 503 of file output-json-http.c.

◆ EveHttpLogJSONBodyBase64()

void EveHttpLogJSONBodyBase64 ( JsonBuilder *  js,
Flow *  f,
uint64_t  tx_id 
)

Definition at line 426 of file output-json-http.c.

◆ EveHttpLogJSONBodyPrintable()

void EveHttpLogJSONBodyPrintable ( JsonBuilder *  js,
Flow *  f,
uint64_t  tx_id 
)

Definition at line 395 of file output-json-http.c.

◆ JsonHttpLogRegister()

void JsonHttpLogRegister ( void  )

Definition at line 652 of file output-json-http.c.

References LOGGER_JSON_TX, and OutputRegisterTxSubModule().

Referenced by OutputRegisterLoggers().


Variable Documentation

◆ config_field

const char* config_field

Definition at line 138 of file output-json-http.c.

◆ flags

uint32_t flags

Definition at line 140 of file output-json-http.c.

◆ htp_field

const char* htp_field

Definition at line 139 of file output-json-http.c.

◆ http_fields

struct { ... } http_fields[]