suricata
output-json-http.c File Reference
#include "suricata-common.h"
#include "debug.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "app-layer-htp.h"
#include "app-layer-htp-file.h"
#include "app-layer-htp-xff.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
#include "util-crypt.h"
#include "output-json.h"
#include "output-json-alert.h"
#include "output-json-http.h"
#include "util-byte.h"

Data Structures

struct  LogHttpFileCtx_
 
struct  JsonHttpLogThread_
 

Macros

#define MAX_SIZE_HEADER_NAME   256
 
#define MAX_SIZE_HEADER_VALUE   2048
 
#define LOG_HTTP_DEFAULT   0
 
#define LOG_HTTP_EXTENDED   1
 
#define LOG_HTTP_REQUEST   2 /* request field */
 
#define LOG_HTTP_ARRAY   4 /* require array handling */
 
#define LOG_HTTP_REQ_HEADERS   8
 
#define LOG_HTTP_RES_HEADERS   16
 
#define DEFAULT_LOG_FILENAME   "http.json"
 

Typedefs

typedef struct LogHttpFileCtx_ LogHttpFileCtx
 
typedef struct JsonHttpLogThread_ JsonHttpLogThread
 

Enumerations

enum  HttpField {
  HTTP_FIELD_ACCEPT = 0, HTTP_FIELD_ACCEPT_CHARSET, HTTP_FIELD_ACCEPT_ENCODING, HTTP_FIELD_ACCEPT_LANGUAGE,
  HTTP_FIELD_ACCEPT_DATETIME, HTTP_FIELD_AUTHORIZATION, HTTP_FIELD_CACHE_CONTROL, HTTP_FIELD_COOKIE,
  HTTP_FIELD_FROM, HTTP_FIELD_MAX_FORWARDS, HTTP_FIELD_ORIGIN, HTTP_FIELD_PRAGMA,
  HTTP_FIELD_PROXY_AUTHORIZATION, HTTP_FIELD_RANGE, HTTP_FIELD_TE, HTTP_FIELD_VIA,
  HTTP_FIELD_X_REQUESTED_WITH, HTTP_FIELD_DNT, HTTP_FIELD_X_FORWARDED_PROTO, HTTP_FIELD_X_AUTHENTICATED_USER,
  HTTP_FIELD_X_FLASH_VERSION, HTTP_FIELD_ACCEPT_RANGES, HTTP_FIELD_AGE, HTTP_FIELD_ALLOW,
  HTTP_FIELD_CONNECTION, HTTP_FIELD_CONTENT_ENCODING, HTTP_FIELD_CONTENT_LANGUAGE, HTTP_FIELD_CONTENT_LENGTH,
  HTTP_FIELD_CONTENT_LOCATION, HTTP_FIELD_CONTENT_MD5, HTTP_FIELD_CONTENT_RANGE, HTTP_FIELD_CONTENT_TYPE,
  HTTP_FIELD_DATE, HTTP_FIELD_ETAG, HTTP_FIELD_EXPIRES, HTTP_FIELD_LAST_MODIFIED,
  HTTP_FIELD_LINK, HTTP_FIELD_LOCATION, HTTP_FIELD_PROXY_AUTHENTICATE, HTTP_FIELD_REFERRER,
  HTTP_FIELD_REFRESH, HTTP_FIELD_RETRY_AFTER, HTTP_FIELD_SERVER, HTTP_FIELD_SET_COOKIE,
  HTTP_FIELD_TRAILER, HTTP_FIELD_TRANSFER_ENCODING, HTTP_FIELD_UPGRADE, HTTP_FIELD_VARY,
  HTTP_FIELD_WARNING, HTTP_FIELD_WWW_AUTHENTICATE, HTTP_FIELD_TRUE_CLIENT_IP, HTTP_FIELD_ORG_SRC_IP,
  HTTP_FIELD_X_BLUECOAT_VIA, HTTP_FIELD_SIZE
}
 

Functions

void JsonHttpLogJSONBodyPrintable (json_t *js, Flow *f, uint64_t tx_id)
 
void JsonHttpLogJSONBodyBase64 (json_t *js, Flow *f, uint64_t tx_id)
 
json_t * JsonHttpAddMetadata (const Flow *f, uint64_t tx_id)
 
void JsonHttpLogRegister (void)
 

Variables

struct {
   const char *   config_field
 
   const char *   htp_field
 
   uint32_t   flags
 
} http_fields []
 

Detailed Description

Author
Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

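Implements the HTTP JSON logging portion of the engine. The HttpField enumeration in this file names credential-bearing headers (HTTP_FIELD_AUTHORIZATION, HTTP_FIELD_PROXY_AUTHORIZATION, HTTP_FIELD_COOKIE, HTTP_FIELD_SET_COOKIE); where these are selected for logging through http_fields[], the JSON output presumably carries their values, so the log file should be treated as sensitive.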

Definition in file output-json-http.c.

Macro Definition Documentation

#define DEFAULT_LOG_FILENAME   "http.json"

Definition at line 597 of file output-json-http.c.

#define LOG_HTTP_ARRAY   4 /* require array handling */

Definition at line 81 of file output-json-http.c.

#define LOG_HTTP_DEFAULT   0

Definition at line 78 of file output-json-http.c.

#define LOG_HTTP_EXTENDED   1

Definition at line 79 of file output-json-http.c.

Referenced by JsonHttpLogJSONBodyBase64().

#define LOG_HTTP_REQ_HEADERS   8

Definition at line 82 of file output-json-http.c.

Referenced by JsonHttpLogJSONBodyBase64().

#define LOG_HTTP_REQUEST   2 /* request field */

Definition at line 80 of file output-json-http.c.

#define LOG_HTTP_RES_HEADERS   16

Definition at line 83 of file output-json-http.c.

Referenced by JsonHttpLogJSONBodyBase64().

#define MAX_SIZE_HEADER_NAME   256

Definition at line 75 of file output-json-http.c.

#define MAX_SIZE_HEADER_VALUE   2048

Definition at line 76 of file output-json-http.c.

Typedef Documentation

Enumeration Type Documentation

enum HttpField
Enumerator
HTTP_FIELD_ACCEPT 
HTTP_FIELD_ACCEPT_CHARSET 
HTTP_FIELD_ACCEPT_ENCODING 
HTTP_FIELD_ACCEPT_LANGUAGE 
HTTP_FIELD_ACCEPT_DATETIME 
HTTP_FIELD_AUTHORIZATION 
HTTP_FIELD_CACHE_CONTROL 
HTTP_FIELD_COOKIE 
HTTP_FIELD_FROM 
HTTP_FIELD_MAX_FORWARDS 
HTTP_FIELD_ORIGIN 
HTTP_FIELD_PRAGMA 
HTTP_FIELD_PROXY_AUTHORIZATION 
HTTP_FIELD_RANGE 
HTTP_FIELD_TE 
HTTP_FIELD_VIA 
HTTP_FIELD_X_REQUESTED_WITH 
HTTP_FIELD_DNT 
HTTP_FIELD_X_FORWARDED_PROTO 
HTTP_FIELD_X_AUTHENTICATED_USER 
HTTP_FIELD_X_FLASH_VERSION 
HTTP_FIELD_ACCEPT_RANGES 
HTTP_FIELD_AGE 
HTTP_FIELD_ALLOW 
HTTP_FIELD_CONNECTION 
HTTP_FIELD_CONTENT_ENCODING 
HTTP_FIELD_CONTENT_LANGUAGE 
HTTP_FIELD_CONTENT_LENGTH 
HTTP_FIELD_CONTENT_LOCATION 
HTTP_FIELD_CONTENT_MD5 
HTTP_FIELD_CONTENT_RANGE 
HTTP_FIELD_CONTENT_TYPE 
HTTP_FIELD_DATE 
HTTP_FIELD_ETAG 
HTTP_FIELD_EXPIRES 
HTTP_FIELD_LAST_MODIFIED 
HTTP_FIELD_LINK 
HTTP_FIELD_LOCATION 
HTTP_FIELD_PROXY_AUTHENTICATE 
HTTP_FIELD_REFERRER 
HTTP_FIELD_REFRESH 
HTTP_FIELD_RETRY_AFTER 
HTTP_FIELD_SERVER 
HTTP_FIELD_SET_COOKIE 
HTTP_FIELD_TRAILER 
HTTP_FIELD_TRANSFER_ENCODING 
HTTP_FIELD_UPGRADE 
HTTP_FIELD_VARY 
HTTP_FIELD_WARNING 
HTTP_FIELD_WWW_AUTHENTICATE 
HTTP_FIELD_TRUE_CLIENT_IP 
HTTP_FIELD_ORG_SRC_IP 
HTTP_FIELD_X_BLUECOAT_VIA 
HTTP_FIELD_SIZE 

Definition at line 85 of file output-json-http.c.

Function Documentation

json_t* JsonHttpAddMetadata ( const Flow * f,
uint64_t  tx_id 
)

Definition at line 565 of file output-json-http.c.

References ALPROTO_HTTP, AppLayerParserGetTx(), OutputCtx_::data, LogHttpFileCtx_::file_ctx, FlowGetAppState(), LogFileFreeCtx(), SCFree, unlikely, and LogHttpFileCtx_::xff_cfg.

Referenced by AlertJsonHeader(), and JsonBuildFileInfoRecord().


void JsonHttpLogJSONBodyPrintable ( json_t *  js,
Flow * f,
uint64_t  tx_id 
)

Definition at line 440 of file output-json-http.c.

References ALPROTO_HTTP, AppLayerParserGetTx(), Base64Encode(), StreamingBuffer_::buf, FlowGetAppState(), len, HtpTxUserData_::request_body, HtpTxUserData_::response_body, HtpBody_::sb, SC_BASE64_OK, and StreamingBufferGetData().

Referenced by AlertJsonHeader().


void JsonHttpLogRegister ( void  )

Definition at line 802 of file output-json-http.c.

References ALPROTO_HTTP, LOGGER_JSON_HTTP, OutputRegisterTxModule(), and OutputRegisterTxSubModule().

Referenced by OutputRegisterLoggers().


Variable Documentation

const char* config_field

Definition at line 143 of file output-json-http.c.

uint32_t flags

Definition at line 145 of file output-json-http.c.

const char* htp_field

Definition at line 144 of file output-json-http.c.

struct { ... } http_fields[]