#include "suricata-common.h"#include "util-buffer.h"#include "util-logopenfile.h"#include "output.h"#include "output-eve-bindgen.h"#include "app-layer-htp-xff.h"
Go to the source code of this file.
Data Structures | |
| struct | JsonAddrInfo_ |
| struct | OutputJSONMemBufferWrapper_ |
| struct | OutputJsonCommonSettings_ |
| struct | OutputJsonCtx_ |
| struct | OutputJsonThreadCtx_ |
Macros | |
| #define | JSON_ADDR_LEN 46 |
| #define | JSON_PROTO_LEN 16 |
| #define | JSON_OUTPUT_BUFFER_SIZE 65535 |
Typedefs | |
| typedef struct JsonAddrInfo_ | JsonAddrInfo |
| typedef struct OutputJSONMemBufferWrapper_ | OutputJSONMemBufferWrapper |
| typedef struct OutputJsonCommonSettings_ | OutputJsonCommonSettings |
| typedef struct OutputJsonCtx_ | OutputJsonCtx |
| typedef struct OutputJsonThreadCtx_ | OutputJsonThreadCtx |
Functions | |
| void | OutputJsonRegister (void) |
| void | JsonAddrInfoInit (const Packet *p, enum SCOutputJsonLogDirection dir, JsonAddrInfo *addr) |
| json_t * | SCJsonString (const char *val) |
| void | CreateEveFlowId (SCJsonBuilder *js, const Flow *f) |
| void | EveFileInfo (SCJsonBuilder *js, const File *file, const uint64_t tx_id, const uint16_t flags) |
| void | EveTcpFlags (uint8_t flags, SCJsonBuilder *js) |
| jsonify tcp flags field Only add 'true' fields in an attempt to keep things reasonably compact. More... | |
| void | EvePacket (const Packet *p, SCJsonBuilder *js, uint32_t max_length) |
| Jsonify a packet. More... | |
| SCJsonBuilder * | CreateEveHeader (const Packet *p, enum SCOutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx) |
| SCJsonBuilder * | CreateEveHeaderWithTxId (const Packet *p, enum SCOutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx) |
| int | OutputJSONBuffer (json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer) |
| void | OutputJsonBuilderBuffer (ThreadVars *tv, const Packet *p, Flow *f, SCJsonBuilder *js, OutputJsonThreadCtx *ctx) |
| OutputInitResult | OutputJsonInitCtx (SCConfNode *) |
| Create a new LogFileCtx for "fast" output style. More... | |
| OutputInitResult | OutputJsonLogInitSub (SCConfNode *conf, OutputCtx *parent_ctx) |
| TmEcode | JsonLogThreadInit (ThreadVars *t, const void *initdata, void **data) |
| TmEcode | JsonLogThreadDeinit (ThreadVars *t, void *data) |
| void | EveAddCommonOptions (const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f, SCJsonBuilder *js, enum SCOutputJsonLogDirection dir) |
| int | OutputJsonLogFlush (ThreadVars *tv, void *thread_data, const Packet *p) |
| void | EveAddMetadata (const Packet *p, const Flow *f, SCJsonBuilder *js) |
| int | OutputJSONMemBufferCallback (const char *str, size_t size, void *data) |
| OutputJsonThreadCtx * | CreateEveThreadCtx (ThreadVars *t, OutputJsonCtx *ctx) |
| void | FreeEveThreadCtx (OutputJsonThreadCtx *ctx) |
| void | JSONFormatAndAddMACAddr (SCJsonBuilder *js, const char *key, const uint8_t *val, bool is_array) |
| void | OutputJsonFlush (OutputJsonThreadCtx *ctx) |
Variables | |
| const JsonAddrInfo | json_addr_info_zero |
Detailed Description
Definition in file output-json.h.
Macro Definition Documentation
◆ JSON_ADDR_LEN
| #define JSON_ADDR_LEN 46 |
Definition at line 38 of file output-json.h.
◆ JSON_OUTPUT_BUFFER_SIZE
| #define JSON_OUTPUT_BUFFER_SIZE 65535 |
Definition at line 57 of file output-json.h.
◆ JSON_PROTO_LEN
| #define JSON_PROTO_LEN 16 |
Definition at line 39 of file output-json.h.
Typedef Documentation
◆ JsonAddrInfo
| typedef struct JsonAddrInfo_ JsonAddrInfo |
◆ OutputJsonCommonSettings
| typedef struct OutputJsonCommonSettings_ OutputJsonCommonSettings |
◆ OutputJsonCtx
| typedef struct OutputJsonCtx_ OutputJsonCtx |
◆ OutputJSONMemBufferWrapper
| typedef struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper |
◆ OutputJsonThreadCtx
| typedef struct OutputJsonThreadCtx_ OutputJsonThreadCtx |
Function Documentation
◆ CreateEveFlowId()
| void CreateEveFlowId | ( | SCJsonBuilder * | js, |
| const Flow * | f | ||
| ) |
Definition at line 700 of file output-json.c.
Referenced by CreateEveHeader().
◆ CreateEveHeader()
| SCJsonBuilder* CreateEveHeader | ( | const Packet * | p, |
| enum SCOutputJsonLogDirection | dir, | ||
| const char * | event_type, | ||
| JsonAddrInfo * | addr, | ||
| OutputJsonCtx * | eve_ctx | ||
| ) |
Definition at line 834 of file output-json.c.
References CreateEveFlowId(), CreateIsoTimeString(), Packet_::flow, Packet_::ts, and unlikely.
Referenced by CreateEveHeaderWithTxId(), and RulesDumpMatchArray().
◆ CreateEveHeaderWithTxId()
| SCJsonBuilder* CreateEveHeaderWithTxId | ( | const Packet * | p, |
| enum SCOutputJsonLogDirection | dir, | ||
| const char * | event_type, | ||
| JsonAddrInfo * | addr, | ||
| uint64_t | tx_id, | ||
| OutputJsonCtx * | eve_ctx | ||
| ) |
Definition at line 930 of file output-json.c.
References CreateEveHeader(), and unlikely.
Referenced by RulesDumpTxMatchArray().
◆ CreateEveThreadCtx()
| OutputJsonThreadCtx* CreateEveThreadCtx | ( | ThreadVars * | t, |
| OutputJsonCtx * | ctx | ||
| ) |
Definition at line 29 of file output-json-common.c.
References OutputJsonThreadCtx_::buffer, ctx, OutputJsonThreadCtx_::ctx, OutputJsonThreadCtx_::file_ctx, ThreadVars_::id, JSON_OUTPUT_BUFFER_SIZE, LogFileEnsureExists(), MemBufferCreateNew(), MemBufferFree(), SCCalloc, SCFree, and unlikely.
◆ EveAddCommonOptions()
| void EveAddCommonOptions | ( | const OutputJsonCommonSettings * | cfg, |
| const Packet * | p, | ||
| const Flow * | f, | ||
| SCJsonBuilder * | js, | ||
| enum SCOutputJsonLogDirection | dir | ||
| ) |
Definition at line 398 of file output-json.c.
References EveAddMetadata(), OutputJsonCommonSettings_::include_ethernet, OutputJsonCommonSettings_::include_metadata, OutputJsonCommonSettings_::include_suricata_version, and PROG_VER.
◆ EveAddMetadata()
Definition at line 375 of file output-json.c.
References Flow_::flowvar, and Packet_::pktvar.
Referenced by EveAddCommonOptions().
◆ EveFileInfo()
| void EveFileInfo | ( | SCJsonBuilder * | js, |
| const File * | file, | ||
| const uint64_t | tx_id, | ||
| const uint16_t | flags | ||
| ) |
Definition at line 124 of file output-json.c.
References File_::end, FILE_HAS_GAPS, FILE_MD5, FILE_SHA1, FILE_SHA256, FILE_STATE_CLOSED, FILE_STATE_ERROR, FILE_STATE_TRUNCATED, FILE_STORE, File_::file_store_id, FILE_STORED, FileTrackedSize(), flags, File_::flags, JB_SET_FALSE, JB_SET_STRING, JB_SET_TRUE, File_::md5, File_::name, File_::name_len, File_::sha1, File_::sha256, File_::sid, File_::sid_cnt, File_::start, and File_::state.
◆ EvePacket()
| void EvePacket | ( | const Packet * | p, |
| SCJsonBuilder * | js, | ||
| uint32_t | max_length | ||
| ) |
Jsonify a packet.
- Parameters
-
p Packet js JSON object max_length If non-zero, restricts the number of packet data bytes handled.
Definition at line 425 of file output-json.c.
References Packet_::datalink, DatalinkValueToName(), GET_PKT_DATA, and GET_PKT_LEN.
◆ EveTcpFlags()
| void EveTcpFlags | ( | uint8_t | flags, |
| SCJsonBuilder * | js | ||
| ) |
◆ FreeEveThreadCtx()
| void FreeEveThreadCtx | ( | OutputJsonThreadCtx * | ctx | ) |
Definition at line 58 of file output-json-common.c.
References ctx, MemBufferFree(), and SCFree.
Referenced by JsonLogThreadDeinit().
◆ JsonAddrInfoInit()
| void JsonAddrInfoInit | ( | const Packet * | p, |
| enum SCOutputJsonLogDirection | dir, | ||
| JsonAddrInfo * | addr | ||
| ) |
Definition at line 470 of file output-json.c.
References LOG_DIR_PACKET.
Referenced by JsonBuildFileInfoRecord().
◆ JSONFormatAndAddMACAddr()
| void JSONFormatAndAddMACAddr | ( | SCJsonBuilder * | js, |
| const char * | key, | ||
| const uint8_t * | val, | ||
| bool | is_array | ||
| ) |
Definition at line 712 of file output-json.c.
◆ JsonLogThreadDeinit()
| TmEcode JsonLogThreadDeinit | ( | ThreadVars * | t, |
| void * | data | ||
| ) |
Definition at line 132 of file output-json-common.c.
References FreeEveThreadCtx(), and TM_ECODE_OK.
◆ JsonLogThreadInit()
| TmEcode JsonLogThreadInit | ( | ThreadVars * | t, |
| const void * | initdata, | ||
| void ** | data | ||
| ) |
Definition at line 99 of file output-json-common.c.
References OutputJsonThreadCtx_::buffer, OutputJsonThreadCtx_::ctx, OutputJsonCtx_::file_ctx, OutputJsonThreadCtx_::file_ctx, ThreadVars_::id, JSON_OUTPUT_BUFFER_SIZE, LogFileEnsureExists(), MemBufferCreateNew(), MemBufferFree(), SCCalloc, SCFree, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
◆ OutputJSONBuffer()
| int OutputJSONBuffer | ( | json_t * | js, |
| LogFileCtx * | file_ctx, | ||
| MemBuffer ** | buffer | ||
| ) |
Definition at line 957 of file output-json.c.
References OutputJSONMemBufferWrapper_::buffer, LogFileCtx_::is_pcap_offline, LogFileCtx_::json_flags, JSON_OUTPUT_BUFFER_SIZE, LogFileWrite(), MemBufferWriteRaw(), OutputJSONMemBufferCallback(), PcapFileGetFilename(), LogFileCtx_::prefix, LogFileCtx_::prefix_len, LogFileCtx_::sensor_name, and TM_ECODE_OK.
◆ OutputJsonBuilderBuffer()
| void OutputJsonBuilderBuffer | ( | ThreadVars * | tv, |
| const Packet * | p, | ||
| Flow * | f, | ||
| SCJsonBuilder * | js, | ||
| OutputJsonThreadCtx * | ctx | ||
| ) |
Definition at line 992 of file output-json.c.
References ctx, LogFileCtx_::is_pcap_offline, PcapFileGetFilename(), SCEveRunCallbacks(), LogFileCtx_::sensor_name, and tv.
◆ OutputJsonFlush()
| void OutputJsonFlush | ( | OutputJsonThreadCtx * | ctx | ) |
Definition at line 986 of file output-json.c.
References ctx, and LogFileFlush().
◆ OutputJsonInitCtx()
| OutputInitResult OutputJsonInitCtx | ( | SCConfNode * | conf | ) |
Create a new LogFileCtx for "fast" output style.
- Parameters
-
conf The configuration node for this output.
- Returns
- A LogFileCtx pointer on success, NULL on failure.
Definition at line 1118 of file output-json.c.
References OutputCtx_::data, OutputCtx_::DeInit, OutputJsonCtx_::file_ctx, LogFileNewCtx(), SCCalloc, SCConfGet(), SCConfNodeLookupChildValue(), SCLogDebug, SCLogWarning, SCStrdup, LogFileCtx_::sensor_name, and unlikely.
Referenced by OutputJsonRegister().
◆ OutputJsonLogFlush()
| int OutputJsonLogFlush | ( | ThreadVars * | tv, |
| void * | thread_data, | ||
| const Packet * | p | ||
| ) |
Definition at line 73 of file output-json-common.c.
References OutputJsonThreadCtx_::ctx, OutputJsonCtx_::file_ctx, LogFileCtx_::filename, LogFileFlush(), ThreadVars_::name, SCLogDebug, and tv.
◆ OutputJsonLogInitSub()
| OutputInitResult OutputJsonLogInitSub | ( | SCConfNode * | conf, |
| OutputCtx * | parent_ctx | ||
| ) |
Definition at line 82 of file output-json-common.c.
References OutputCtx_::data, OutputCtx_::DeInit, SCCalloc, and unlikely.
Referenced by JsonFlowLogRegister(), JsonNetFlowLogRegister(), and OutputRegisterLoggers().
◆ OutputJSONMemBufferCallback()
| int OutputJSONMemBufferCallback | ( | const char * | str, |
| size_t | size, | ||
| void * | data | ||
| ) |
Definition at line 943 of file output-json.c.
References OutputJSONMemBufferWrapper_::buffer, DEBUG_VALIDATE_BUG_ON, OutputJSONMemBufferWrapper_::expand_by, MEMBUFFER_OFFSET, MEMBUFFER_SIZE, MemBufferExpand(), MemBufferWriteRaw(), and str.
Referenced by OutputJSONBuffer().
◆ OutputJsonRegister()
| void OutputJsonRegister | ( | void | ) |
Definition at line 83 of file output-json.c.
References MODULE_NAME, OutputJsonInitCtx(), and OutputRegisterModule().
Referenced by OutputRegisterLoggers().
◆ SCJsonString()
| json_t* SCJsonString | ( | const char * | val | ) |
Definition at line 96 of file output-json.c.
References MAX_JSON_SIZE, offset, and PrintBufferData.
Variable Documentation
◆ json_addr_info_zero
| const JsonAddrInfo json_addr_info_zero |
Definition at line 81 of file output-json.c.
Referenced by JsonBuildFileInfoRecord().
