suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
output-json.h File Reference
#include "suricata-common.h"
#include "util-buffer.h"
#include "util-logopenfile.h"
#include "output.h"
#include "app-layer-htp-xff.h"
Include dependency graph for output-json.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  JsonAddrInfo_
 
struct  OutputJSONMemBufferWrapper_
 
struct  OutputJsonCommonSettings_
 
struct  OutputJsonCtx_
 
struct  OutputJsonThreadCtx_
 

Macros

#define JSON_ADDR_LEN   46
 
#define JSON_PROTO_LEN   16
 
#define JSON_OUTPUT_BUFFER_SIZE   65535
 

Typedefs

typedef struct JsonAddrInfo_ JsonAddrInfo
 
typedef struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper
 
typedef struct OutputJsonCommonSettings_ OutputJsonCommonSettings
 
typedef struct OutputJsonCtx_ OutputJsonCtx
 
typedef struct OutputJsonThreadCtx_ OutputJsonThreadCtx
 

Enumerations

enum  OutputJsonLogDirection { LOG_DIR_PACKET = 0, LOG_DIR_FLOW, LOG_DIR_FLOW_TOCLIENT, LOG_DIR_FLOW_TOSERVER }
 

Functions

void OutputJsonRegister (void)
 
void JsonAddrInfoInit (const Packet *p, enum OutputJsonLogDirection dir, JsonAddrInfo *addr)
 
json_t * SCJsonString (const char *val)
 
void CreateEveFlowId (JsonBuilder *js, const Flow *f)
 
void EveFileInfo (JsonBuilder *js, const File *file, const uint64_t tx_id, const uint16_t flags)
 
void EveTcpFlags (uint8_t flags, JsonBuilder *js)
 jsonify tcp flags field Only add 'true' fields in an attempt to keep things reasonably compact. More...
 
void EvePacket (const Packet *p, JsonBuilder *js, uint32_t max_length)
 Jsonify a packet. More...
 
JsonBuilder * CreateEveHeader (const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx)
 
JsonBuilder * CreateEveHeaderWithTxId (const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx)
 
int OutputJSONBuffer (json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer)
 
int OutputJsonBuilderBuffer (ThreadVars *tv, const Packet *p, Flow *f, JsonBuilder *js, OutputJsonThreadCtx *ctx)
 
OutputInitResult OutputJsonInitCtx (ConfNode *)
 Create a new LogFileCtx for "fast" output style. More...
 
OutputInitResult OutputJsonLogInitSub (ConfNode *conf, OutputCtx *parent_ctx)
 
TmEcode JsonLogThreadInit (ThreadVars *t, const void *initdata, void **data)
 
TmEcode JsonLogThreadDeinit (ThreadVars *t, void *data)
 
void EveAddCommonOptions (const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f, JsonBuilder *js, enum OutputJsonLogDirection dir)
 
void EveAddMetadata (const Packet *p, const Flow *f, JsonBuilder *js)
 
int OutputJSONMemBufferCallback (const char *str, size_t size, void *data)
 
OutputJsonThreadCtxCreateEveThreadCtx (ThreadVars *t, OutputJsonCtx *ctx)
 
void FreeEveThreadCtx (OutputJsonThreadCtx *ctx)
 
void JSONFormatAndAddMACAddr (JsonBuilder *js, const char *key, const uint8_t *val, bool is_array)
 

Variables

const JsonAddrInfo json_addr_info_zero
 

Detailed Description

Author
Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

Definition in file output-json.h.

Macro Definition Documentation

◆ JSON_ADDR_LEN

#define JSON_ADDR_LEN   46

Definition at line 44 of file output-json.h.

◆ JSON_OUTPUT_BUFFER_SIZE

#define JSON_OUTPUT_BUFFER_SIZE   65535

Definition at line 64 of file output-json.h.

◆ JSON_PROTO_LEN

#define JSON_PROTO_LEN   16

Definition at line 45 of file output-json.h.

Typedef Documentation

◆ JsonAddrInfo

typedef struct JsonAddrInfo_ JsonAddrInfo

◆ OutputJsonCommonSettings

typedef struct OutputJsonCommonSettings_ OutputJsonCommonSettings

◆ OutputJsonCtx

typedef struct OutputJsonCtx_ OutputJsonCtx

◆ OutputJSONMemBufferWrapper

typedef struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper

◆ OutputJsonThreadCtx

typedef struct OutputJsonThreadCtx_ OutputJsonThreadCtx

Enumeration Type Documentation

◆ OutputJsonLogDirection

enum OutputJsonLogDirection
Enumerator
LOG_DIR_PACKET 
LOG_DIR_FLOW 
LOG_DIR_FLOW_TOCLIENT 
LOG_DIR_FLOW_TOSERVER 

Definition at line 36 of file output-json.h.

Function Documentation

◆ CreateEveFlowId()

void CreateEveFlowId ( JsonBuilder *  js,
const Flow f 
)

Definition at line 689 of file output-json.c.

Referenced by CreateEveHeader().

Here is the caller graph for this function:

◆ CreateEveHeader()

JsonBuilder* CreateEveHeader ( const Packet p,
enum OutputJsonLogDirection  dir,
const char *  event_type,
JsonAddrInfo addr,
OutputJsonCtx eve_ctx 
)

Definition at line 806 of file output-json.c.

References CreateEveFlowId(), CreateIsoTimeString(), Packet_::flow, Packet_::ts, and unlikely.

Referenced by CreateEveHeaderWithTxId(), and RulesDumpMatchArray().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ CreateEveHeaderWithTxId()

JsonBuilder* CreateEveHeaderWithTxId ( const Packet p,
enum OutputJsonLogDirection  dir,
const char *  event_type,
JsonAddrInfo addr,
uint64_t  tx_id,
OutputJsonCtx eve_ctx 
)

Definition at line 902 of file output-json.c.

References CreateEveHeader(), and unlikely.

Referenced by RulesDumpTxMatchArray().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ CreateEveThreadCtx()

OutputJsonThreadCtx* CreateEveThreadCtx ( ThreadVars t,
OutputJsonCtx ctx 
)

Definition at line 29 of file output-json-common.c.

References OutputJsonThreadCtx_::buffer, ctx, OutputJsonThreadCtx_::ctx, OutputJsonThreadCtx_::file_ctx, ThreadVars_::id, JSON_OUTPUT_BUFFER_SIZE, LogFileEnsureExists(), MemBufferCreateNew(), MemBufferFree(), SCCalloc, SCFree, and unlikely.

Here is the call graph for this function:

◆ EveAddCommonOptions()

void EveAddCommonOptions ( const OutputJsonCommonSettings cfg,
const Packet p,
const Flow f,
JsonBuilder *  js,
enum OutputJsonLogDirection  dir 
)

Definition at line 398 of file output-json.c.

References EveAddMetadata(), OutputJsonCommonSettings_::include_ethernet, and OutputJsonCommonSettings_::include_metadata.

Here is the call graph for this function:

◆ EveAddMetadata()

void EveAddMetadata ( const Packet p,
const Flow f,
JsonBuilder *  js 
)

Definition at line 375 of file output-json.c.

References Flow_::flowvar, and Packet_::pktvar.

Referenced by EveAddCommonOptions().

Here is the caller graph for this function:

◆ EveFileInfo()

void EveFileInfo ( JsonBuilder *  js,
const File file,
const uint64_t  tx_id,
const uint16_t  flags 
)

Definition at line 124 of file output-json.c.

References File_::end, FILE_HAS_GAPS, FILE_MD5, FILE_SHA1, FILE_SHA256, FILE_STATE_CLOSED, FILE_STATE_ERROR, FILE_STATE_TRUNCATED, FILE_STORE, File_::file_store_id, FILE_STORED, FileTrackedSize(), flags, File_::flags, JB_SET_FALSE, JB_SET_STRING, JB_SET_TRUE, File_::md5, File_::name, File_::name_len, File_::sha1, File_::sha256, File_::sid, File_::sid_cnt, File_::start, and File_::state.

Here is the call graph for this function:

◆ EvePacket()

void EvePacket ( const Packet p,
JsonBuilder *  js,
uint32_t  max_length 
)

Jsonify a packet.

Parameters
pPacket
jsJSON object
max_lengthIf non-zero, restricts the number of packet data bytes handled.

Definition at line 422 of file output-json.c.

References Packet_::datalink, GET_PKT_DATA, and GET_PKT_LEN.

◆ EveTcpFlags()

void EveTcpFlags ( uint8_t  flags,
JsonBuilder *  js 
)

jsonify tcp flags field Only add 'true' fields in an attempt to keep things reasonably compact.

Definition at line 439 of file output-json.c.

References flags, JB_SET_TRUE, TH_ACK, TH_CWR, TH_ECN, TH_FIN, TH_PUSH, TH_RST, TH_SYN, and TH_URG.

◆ FreeEveThreadCtx()

void FreeEveThreadCtx ( OutputJsonThreadCtx ctx)

Definition at line 58 of file output-json-common.c.

References ctx, MemBufferFree(), and SCFree.

Referenced by JsonLogThreadDeinit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ JsonAddrInfoInit()

void JsonAddrInfoInit ( const Packet p,
enum OutputJsonLogDirection  dir,
JsonAddrInfo addr 
)

Definition at line 459 of file output-json.c.

References LOG_DIR_PACKET.

Referenced by JsonBuildFileInfoRecord().

Here is the caller graph for this function:

◆ JSONFormatAndAddMACAddr()

void JSONFormatAndAddMACAddr ( JsonBuilder *  js,
const char *  key,
const uint8_t *  val,
bool  is_array 
)

Definition at line 701 of file output-json.c.

◆ JsonLogThreadDeinit()

TmEcode JsonLogThreadDeinit ( ThreadVars t,
void *  data 
)

Definition at line 123 of file output-json-common.c.

References FreeEveThreadCtx(), and TM_ECODE_OK.

Here is the call graph for this function:

◆ JsonLogThreadInit()

TmEcode JsonLogThreadInit ( ThreadVars t,
const void *  initdata,
void **  data 
)

Definition at line 90 of file output-json-common.c.

References OutputJsonThreadCtx_::buffer, OutputJsonThreadCtx_::ctx, OutputJsonCtx_::file_ctx, OutputJsonThreadCtx_::file_ctx, ThreadVars_::id, JSON_OUTPUT_BUFFER_SIZE, LogFileEnsureExists(), MemBufferCreateNew(), MemBufferFree(), SCCalloc, SCFree, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Here is the call graph for this function:

◆ OutputJSONBuffer()

int OutputJSONBuffer ( json_t *  js,
LogFileCtx file_ctx,
MemBuffer **  buffer 
)

Definition at line 929 of file output-json.c.

References OutputJSONMemBufferWrapper_::buffer, LogFileCtx_::is_pcap_offline, LogFileCtx_::json_flags, JSON_OUTPUT_BUFFER_SIZE, LogFileWrite(), MemBufferWriteRaw(), OutputJSONMemBufferCallback(), PcapFileGetFilename(), LogFileCtx_::prefix, LogFileCtx_::prefix_len, LogFileCtx_::sensor_name, and TM_ECODE_OK.

Here is the call graph for this function:

◆ OutputJsonBuilderBuffer()

int OutputJsonBuilderBuffer ( ThreadVars tv,
const Packet p,
Flow f,
JsonBuilder *  js,
OutputJsonThreadCtx ctx 
)

Definition at line 958 of file output-json.c.

References ctx, LogFileCtx_::is_pcap_offline, PcapFileGetFilename(), SCEveRunCallbacks(), LogFileCtx_::sensor_name, and tv.

Here is the call graph for this function:

◆ OutputJsonInitCtx()

OutputInitResult OutputJsonInitCtx ( ConfNode conf)

Create a new LogFileCtx for "fast" output style.

Parameters
confThe configuration node for this output.
Returns
A LogFileCtx pointer on success, NULL on failure.

Definition at line 1073 of file output-json.c.

References ConfGet(), ConfNodeLookupChildValue(), OutputCtx_::data, OutputCtx_::DeInit, OutputJsonCtx_::file_ctx, LogFileNewCtx(), SCCalloc, SCLogDebug, SCLogWarning, SCStrdup, LogFileCtx_::sensor_name, and unlikely.

Referenced by OutputJsonRegister().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OutputJsonLogInitSub()

OutputInitResult OutputJsonLogInitSub ( ConfNode conf,
OutputCtx parent_ctx 
)

Definition at line 73 of file output-json-common.c.

References OutputCtx_::data, OutputCtx_::DeInit, SCCalloc, and unlikely.

Referenced by JsonArpLogRegister(), JsonFlowLogRegister(), JsonMetadataLogRegister(), JsonNetFlowLogRegister(), and OutputRegisterLoggers().

Here is the caller graph for this function:

◆ OutputJSONMemBufferCallback()

int OutputJSONMemBufferCallback ( const char *  str,
size_t  size,
void *  data 
)

Definition at line 915 of file output-json.c.

References OutputJSONMemBufferWrapper_::buffer, DEBUG_VALIDATE_BUG_ON, OutputJSONMemBufferWrapper_::expand_by, MEMBUFFER_OFFSET, MEMBUFFER_SIZE, MemBufferExpand(), MemBufferWriteRaw(), and str.

Referenced by OutputJSONBuffer().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OutputJsonRegister()

void OutputJsonRegister ( void  )

Definition at line 83 of file output-json.c.

References MODULE_NAME, OutputJsonInitCtx(), and OutputRegisterModule().

Referenced by OutputRegisterLoggers().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SCJsonString()

json_t* SCJsonString ( const char *  val)

Definition at line 96 of file output-json.c.

References MAX_JSON_SIZE, offset, and PrintBufferData.

Variable Documentation

◆ json_addr_info_zero

const JsonAddrInfo json_addr_info_zero

Definition at line 81 of file output-json.c.

Referenced by JsonBuildFileInfoRecord().