suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
output-json.h File Reference
#include "suricata-common.h"
#include "util-buffer.h"
#include "util-logopenfile.h"
#include "output.h"
#include "app-layer-htp-xff.h"
Include dependency graph for output-json.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  JsonAddrInfo_
 
struct  OutputJSONMemBufferWrapper_
 
struct  OutputJsonCommonSettings_
 
struct  OutputJsonCtx_
 
struct  OutputJsonThreadCtx_
 

Macros

#define JSON_ADDR_LEN   46
 
#define JSON_PROTO_LEN   16
 
#define JSON_OUTPUT_BUFFER_SIZE   65535
 

Typedefs

typedef struct JsonAddrInfo_ JsonAddrInfo
 
typedef struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper
 
typedef struct OutputJsonCommonSettings_ OutputJsonCommonSettings
 
typedef struct OutputJsonCtx_ OutputJsonCtx
 
typedef struct OutputJsonThreadCtx_ OutputJsonThreadCtx
 

Enumerations

enum  OutputJsonLogDirection { LOG_DIR_PACKET = 0, LOG_DIR_FLOW, LOG_DIR_FLOW_TOCLIENT, LOG_DIR_FLOW_TOSERVER }
 

Functions

void OutputJsonRegister (void)
 
void JsonAddrInfoInit (const Packet *p, enum OutputJsonLogDirection dir, JsonAddrInfo *addr)
 
json_t * SCJsonString (const char *val)
 
void CreateEveFlowId (JsonBuilder *js, const Flow *f)
 
void EveFileInfo (JsonBuilder *js, const File *file, const uint64_t tx_id, const uint16_t flags)
 
void EveTcpFlags (uint8_t flags, JsonBuilder *js)
 jsonify tcp flags field Only add 'true' fields in an attempt to keep things reasonably compact. More...
 
void EvePacket (const Packet *p, JsonBuilder *js, unsigned long max_length)
 Jsonify a packet. More...
 
JsonBuilder * CreateEveHeader (const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, OutputJsonCtx *eve_ctx)
 
JsonBuilder * CreateEveHeaderWithTxId (const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, JsonAddrInfo *addr, uint64_t tx_id, OutputJsonCtx *eve_ctx)
 
int OutputJSONBuffer (json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer)
 
int OutputJsonBuilderBuffer (JsonBuilder *js, OutputJsonThreadCtx *ctx)
 
OutputInitResult OutputJsonInitCtx (ConfNode *)
 Create a new LogFileCtx for "fast" output style. More...
 
OutputInitResult OutputJsonLogInitSub (ConfNode *conf, OutputCtx *parent_ctx)
 
TmEcode JsonLogThreadInit (ThreadVars *t, const void *initdata, void **data)
 
TmEcode JsonLogThreadDeinit (ThreadVars *t, void *data)
 
void EveAddCommonOptions (const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f, JsonBuilder *js)
 
void EveAddMetadata (const Packet *p, const Flow *f, JsonBuilder *js)
 
int OutputJSONMemBufferCallback (const char *str, size_t size, void *data)
 
OutputJsonThreadCtxCreateEveThreadCtx (ThreadVars *t, OutputJsonCtx *ctx)
 
void FreeEveThreadCtx (OutputJsonThreadCtx *ctx)
 

Variables

const JsonAddrInfo json_addr_info_zero
 

Detailed Description

Author
Tom DeCanio td@np.nosp@m.ulse.nosp@m.tech..nosp@m.com

Definition in file output-json.h.

Macro Definition Documentation

◆ JSON_ADDR_LEN

#define JSON_ADDR_LEN   46

Definition at line 44 of file output-json.h.

◆ JSON_OUTPUT_BUFFER_SIZE

#define JSON_OUTPUT_BUFFER_SIZE   65535

Definition at line 62 of file output-json.h.

◆ JSON_PROTO_LEN

#define JSON_PROTO_LEN   16

Definition at line 45 of file output-json.h.

Typedef Documentation

◆ JsonAddrInfo

typedef struct JsonAddrInfo_ JsonAddrInfo

◆ OutputJsonCommonSettings

typedef struct OutputJsonCommonSettings_ OutputJsonCommonSettings

◆ OutputJsonCtx

typedef struct OutputJsonCtx_ OutputJsonCtx

◆ OutputJSONMemBufferWrapper

typedef struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper

◆ OutputJsonThreadCtx

typedef struct OutputJsonThreadCtx_ OutputJsonThreadCtx

Enumeration Type Documentation

◆ OutputJsonLogDirection

enum OutputJsonLogDirection
Enumerator
LOG_DIR_PACKET 
LOG_DIR_FLOW 
LOG_DIR_FLOW_TOCLIENT 
LOG_DIR_FLOW_TOSERVER 

Definition at line 36 of file output-json.h.

Function Documentation

◆ CreateEveFlowId()

void CreateEveFlowId ( JsonBuilder *  js,
const Flow f 
)

Definition at line 705 of file output-json.c.

Referenced by CreateEveHeader().

Here is the caller graph for this function:

◆ CreateEveHeader()

JsonBuilder* CreateEveHeader ( const Packet p,
enum OutputJsonLogDirection  dir,
const char *  event_type,
JsonAddrInfo addr,
OutputJsonCtx eve_ctx 
)

Definition at line 787 of file output-json.c.

References CreateEveFlowId(), CreateIsoTimeString(), Packet_::flow, Packet_::ts, and unlikely.

Referenced by CreateEveHeaderWithTxId(), and RulesDumpMatchArray().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ CreateEveHeaderWithTxId()

JsonBuilder* CreateEveHeaderWithTxId ( const Packet p,
enum OutputJsonLogDirection  dir,
const char *  event_type,
JsonAddrInfo addr,
uint64_t  tx_id,
OutputJsonCtx eve_ctx 
)

Definition at line 873 of file output-json.c.

References CreateEveHeader(), and unlikely.

Referenced by RulesDumpTxMatchArray().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ CreateEveThreadCtx()

OutputJsonThreadCtx* CreateEveThreadCtx ( ThreadVars t,
OutputJsonCtx ctx 
)

Definition at line 29 of file output-json-common.c.

References OutputJsonThreadCtx_::buffer, OutputJsonThreadCtx_::ctx, OutputJsonCtx_::file_ctx, OutputJsonThreadCtx_::file_ctx, ThreadVars_::id, JSON_OUTPUT_BUFFER_SIZE, LogFileEnsureExists(), MemBufferCreateNew(), MemBufferFree(), SCCalloc, SCFree, and unlikely.

Here is the call graph for this function:

◆ EveAddCommonOptions()

void EveAddCommonOptions ( const OutputJsonCommonSettings cfg,
const Packet p,
const Flow f,
JsonBuilder *  js 
)

Definition at line 416 of file output-json.c.

References EveAddMetadata(), OutputJsonCommonSettings_::include_ethernet, and OutputJsonCommonSettings_::include_metadata.

Here is the call graph for this function:

◆ EveAddMetadata()

void EveAddMetadata ( const Packet p,
const Flow f,
JsonBuilder *  js 
)

Definition at line 393 of file output-json.c.

References Flow_::flowvar, and Packet_::pktvar.

Referenced by EveAddCommonOptions().

Here is the caller graph for this function:

◆ EveFileInfo()

void EveFileInfo ( JsonBuilder *  js,
const File file,
const uint64_t  tx_id,
const uint16_t  flags 
)

Definition at line 132 of file output-json.c.

References File_::end, FILE_HAS_GAPS, FILE_MD5, FILE_SHA1, FILE_SHA256, FILE_STATE_CLOSED, FILE_STATE_ERROR, FILE_STATE_TRUNCATED, FILE_STORE, File_::file_store_id, FILE_STORED, FileTrackedSize(), flags, File_::flags, JB_SET_FALSE, JB_SET_STRING, JB_SET_TRUE, File_::md5, File_::name, File_::name_len, File_::sha1, File_::sha256, File_::sid, File_::sid_cnt, File_::start, and File_::state.

Here is the call graph for this function:

◆ EvePacket()

void EvePacket ( const Packet p,
JsonBuilder *  js,
unsigned long  max_length 
)

Jsonify a packet.

Parameters
pPacket
jsJSON object
max_lengthIf non-zero, restricts the number of packet data bytes handled.

Definition at line 440 of file output-json.c.

References Packet_::datalink, GET_PKT_DATA, and GET_PKT_LEN.

◆ EveTcpFlags()

void EveTcpFlags ( uint8_t  flags,
JsonBuilder *  js 
)

jsonify tcp flags field Only add 'true' fields in an attempt to keep things reasonably compact.

Definition at line 457 of file output-json.c.

References flags, JB_SET_TRUE, TH_ACK, TH_CWR, TH_ECN, TH_FIN, TH_PUSH, TH_RST, TH_SYN, and TH_URG.

◆ FreeEveThreadCtx()

void FreeEveThreadCtx ( OutputJsonThreadCtx ctx)

Definition at line 58 of file output-json-common.c.

References OutputJsonThreadCtx_::buffer, MemBufferFree(), and SCFree.

Referenced by JsonLogThreadDeinit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ JsonAddrInfoInit()

void JsonAddrInfoInit ( const Packet p,
enum OutputJsonLogDirection  dir,
JsonAddrInfo addr 
)

Definition at line 477 of file output-json.c.

References DEBUG_VALIDATE_BUG_ON, JsonAddrInfo_::dp, Packet_::dp, JsonAddrInfo_::dst_ip, GET_IPV4_DST_ADDR_PTR, GET_IPV4_SRC_ADDR_PTR, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, IP_GET_IPPROTO, IPPROTO_SCTP, JSON_ADDR_LEN, known_proto, LOG_DIR_FLOW, LOG_DIR_FLOW_TOCLIENT, LOG_DIR_FLOW_TOSERVER, LOG_DIR_PACKET, PKT_IS_IPV4, PKT_IS_IPV6, PKT_IS_TOCLIENT, PKT_IS_TOSERVER, PrintInet(), JsonAddrInfo_::proto, Packet_::proto, SCProtoNameValid(), JsonAddrInfo_::sp, Packet_::sp, JsonAddrInfo_::src_ip, and strlcpy().

Referenced by JsonBuildFileInfoRecord().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ JsonLogThreadDeinit()

TmEcode JsonLogThreadDeinit ( ThreadVars t,
void *  data 
)

Definition at line 123 of file output-json-common.c.

References FreeEveThreadCtx(), and TM_ECODE_OK.

Here is the call graph for this function:

◆ JsonLogThreadInit()

TmEcode JsonLogThreadInit ( ThreadVars t,
const void *  initdata,
void **  data 
)

Definition at line 90 of file output-json-common.c.

References OutputJsonThreadCtx_::buffer, OutputJsonThreadCtx_::ctx, OutputJsonCtx_::file_ctx, OutputJsonThreadCtx_::file_ctx, ThreadVars_::id, JSON_OUTPUT_BUFFER_SIZE, LogFileEnsureExists(), MemBufferCreateNew(), MemBufferFree(), SCCalloc, SCFree, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Here is the call graph for this function:

◆ OutputJSONBuffer()

int OutputJSONBuffer ( json_t *  js,
LogFileCtx file_ctx,
MemBuffer **  buffer 
)

Definition at line 899 of file output-json.c.

References OutputJSONMemBufferWrapper_::buffer, LogFileCtx_::is_pcap_offline, LogFileCtx_::json_flags, JSON_OUTPUT_BUFFER_SIZE, LogFileWrite(), MemBufferWriteRaw(), OutputJSONMemBufferCallback(), PcapFileGetFilename(), LogFileCtx_::prefix, LogFileCtx_::prefix_len, LogFileCtx_::sensor_name, and TM_ECODE_OK.

Here is the call graph for this function:

◆ OutputJsonBuilderBuffer()

int OutputJsonBuilderBuffer ( JsonBuilder *  js,
OutputJsonThreadCtx ctx 
)

Definition at line 928 of file output-json.c.

References OutputJsonThreadCtx_::buffer, OutputJsonThreadCtx_::file_ctx, LogFileCtx_::is_pcap_offline, PcapFileGetFilename(), and LogFileCtx_::sensor_name.

Here is the call graph for this function:

◆ OutputJsonInitCtx()

OutputInitResult OutputJsonInitCtx ( ConfNode conf)

Create a new LogFileCtx for "fast" output style.

Parameters
confThe configuration node for this output.
Returns
A LogFileCtx pointer on success, NULL on failure.

Definition at line 1037 of file output-json.c.

References ConfGet(), ConfNodeLookupChildValue(), OutputCtx_::data, OutputCtx_::DeInit, OutputJsonCtx_::file_ctx, LogFileNewCtx(), SCCalloc, SCLogDebug, SCLogWarning, SCStrdup, LogFileCtx_::sensor_name, and unlikely.

Referenced by OutputJsonRegister().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OutputJsonLogInitSub()

OutputInitResult OutputJsonLogInitSub ( ConfNode conf,
OutputCtx parent_ctx 
)

Definition at line 73 of file output-json-common.c.

References OutputCtx_::data, OutputCtx_::DeInit, SCCalloc, and unlikely.

Referenced by JsonFlowLogRegister(), JsonMetadataLogRegister(), JsonNetFlowLogRegister(), and OutputRegisterLoggers().

Here is the caller graph for this function:

◆ OutputJSONMemBufferCallback()

int OutputJSONMemBufferCallback ( const char *  str,
size_t  size,
void *  data 
)

Definition at line 886 of file output-json.c.

References OutputJSONMemBufferWrapper_::buffer, OutputJSONMemBufferWrapper_::expand_by, MEMBUFFER_OFFSET, MEMBUFFER_SIZE, MemBufferExpand(), MemBufferWriteRaw(), and str.

Referenced by OutputJSONBuffer().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OutputJsonRegister()

void OutputJsonRegister ( void  )

Definition at line 91 of file output-json.c.

References MODULE_NAME, OutputJsonInitCtx(), and OutputRegisterModule().

Referenced by OutputRegisterLoggers().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ SCJsonString()

json_t* SCJsonString ( const char *  val)

Definition at line 104 of file output-json.c.

References MAX_JSON_SIZE, offset, and PrintBufferData.

Variable Documentation

◆ json_addr_info_zero

const JsonAddrInfo json_addr_info_zero

Definition at line 89 of file output-json.c.

Referenced by JsonBuildFileInfoRecord().