suricata
#include "suricata-common.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-time.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "app-layer-parser.h"
#include "output.h"
#include "app-layer-ssl.h"
#include "app-layer.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-logopenfile.h"
#include "util-ja3.h"
#include "output-json.h"
#include "output-json-tls.h"
Data Structures | |
struct | TlsFields |
struct | OutputTlsCtx_ |
struct | JsonTlsLogThread_ |
Macros | |
#define | MODULE_NAME "LogTlsLog" |
#define | DEFAULT_LOG_FILENAME "tls.json" |
#define | LOG_TLS_DEFAULT 0 |
#define | LOG_TLS_EXTENDED (1 << 0) |
#define | LOG_TLS_CUSTOM (1 << 1) |
#define | LOG_TLS_SESSION_RESUMPTION (1 << 2) |
#define | LOG_TLS_FIELD_VERSION (1 << 0) |
#define | LOG_TLS_FIELD_SUBJECT (1 << 1) |
#define | LOG_TLS_FIELD_ISSUER (1 << 2) |
#define | LOG_TLS_FIELD_SERIAL (1 << 3) |
#define | LOG_TLS_FIELD_FINGERPRINT (1 << 4) |
#define | LOG_TLS_FIELD_NOTBEFORE (1 << 5) |
#define | LOG_TLS_FIELD_NOTAFTER (1 << 6) |
#define | LOG_TLS_FIELD_SNI (1 << 7) |
#define | LOG_TLS_FIELD_CERTIFICATE (1 << 8) |
#define | LOG_TLS_FIELD_CHAIN (1 << 9) |
#define | LOG_TLS_FIELD_SESSION_RESUMED (1 << 10) |
#define | LOG_TLS_FIELD_JA3 (1 << 11) |
#define | LOG_TLS_FIELD_JA3S (1 << 12) |
#define | LOG_TLS_FIELD_CLIENT (1 << 13) |
#define | LOG_TLS_FIELD_CLIENT_CERT (1 << 14) |
#define | LOG_TLS_FIELD_CLIENT_CHAIN (1 << 15) |
Typedefs | |
typedef struct OutputTlsCtx_ | OutputTlsCtx |
typedef struct JsonTlsLogThread_ | JsonTlsLogThread |
Functions | |
SC_ATOMIC_EXTERN (unsigned int, cert_id) | |
void | JsonTlsLogJSONBasic (JsonBuilder *js, SSLState *ssl_state) |
void | JsonTlsLogJSONExtended (JsonBuilder *tjs, SSLState *state) |
void | JsonTlsLogRegister (void) |
Variables | |
TlsFields | tls_fields [] |
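Implements the TLS JSON logging portion of the engine. The LOG_TLS_* macros listed on this page form two bit-flag groups whose values overlap (for example, LOG_TLS_EXTENDED and LOG_TLS_FIELD_VERSION are both 1 << 0), so a logging-mode flag and a LOG_TLS_FIELD_* selector cannot be distinguished if they are tested against the same mask.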
Definition in file output-json-tls.c.
#define DEFAULT_LOG_FILENAME "tls.json" |
Definition at line 57 of file output-json-tls.c.
#define LOG_TLS_CUSTOM (1 << 1) |
Definition at line 61 of file output-json-tls.c.
#define LOG_TLS_DEFAULT 0 |
Definition at line 59 of file output-json-tls.c.
#define LOG_TLS_EXTENDED (1 << 0) |
Definition at line 60 of file output-json-tls.c.
#define LOG_TLS_FIELD_CERTIFICATE (1 << 8) |
Definition at line 72 of file output-json-tls.c.
#define LOG_TLS_FIELD_CHAIN (1 << 9) |
Definition at line 73 of file output-json-tls.c.
#define LOG_TLS_FIELD_CLIENT (1 << 13) |
Client fields (issuer, subject, etc.).
Definition at line 77 of file output-json-tls.c.
#define LOG_TLS_FIELD_CLIENT_CERT (1 << 14) |
Definition at line 78 of file output-json-tls.c.
#define LOG_TLS_FIELD_CLIENT_CHAIN (1 << 15) |
Definition at line 79 of file output-json-tls.c.
#define LOG_TLS_FIELD_FINGERPRINT (1 << 4) |
Definition at line 68 of file output-json-tls.c.
#define LOG_TLS_FIELD_ISSUER (1 << 2) |
Definition at line 66 of file output-json-tls.c.
#define LOG_TLS_FIELD_JA3 (1 << 11) |
Definition at line 75 of file output-json-tls.c.
#define LOG_TLS_FIELD_JA3S (1 << 12) |
Definition at line 76 of file output-json-tls.c.
#define LOG_TLS_FIELD_NOTAFTER (1 << 6) |
Definition at line 70 of file output-json-tls.c.
#define LOG_TLS_FIELD_NOTBEFORE (1 << 5) |
Definition at line 69 of file output-json-tls.c.
#define LOG_TLS_FIELD_SERIAL (1 << 3) |
Definition at line 67 of file output-json-tls.c.
#define LOG_TLS_FIELD_SESSION_RESUMED (1 << 10) |
Definition at line 74 of file output-json-tls.c.
#define LOG_TLS_FIELD_SNI (1 << 7) |
Definition at line 71 of file output-json-tls.c.
#define LOG_TLS_FIELD_SUBJECT (1 << 1) |
Definition at line 65 of file output-json-tls.c.
#define LOG_TLS_FIELD_VERSION (1 << 0) |
Definition at line 64 of file output-json-tls.c.
#define LOG_TLS_SESSION_RESUMPTION (1 << 2) |
Definition at line 62 of file output-json-tls.c.
#define MODULE_NAME "LogTlsLog" |
Definition at line 56 of file output-json-tls.c.
typedef struct JsonTlsLogThread_ JsonTlsLogThread |
typedef struct OutputTlsCtx_ OutputTlsCtx |
void JsonTlsLogJSONBasic(JsonBuilder *js, SSLState *ssl_state)
Definition at line 317 of file output-json-tls.c.
Referenced by JsonTlsLogJSONExtended().
void JsonTlsLogJSONExtended(JsonBuilder *tjs, SSLState *state)
Definition at line 395 of file output-json-tls.c.
References JsonTlsLogJSONBasic().
void JsonTlsLogRegister(void)
Definition at line 649 of file output-json-tls.c.
References LOGGER_JSON_TX, and OutputRegisterTxSubModuleWithProgress().
Referenced by OutputRegisterLoggers().
SC_ATOMIC_EXTERN(unsigned int, cert_id)
TlsFields tls_fields[] |
Definition at line 85 of file output-json-tls.c.