output-json_8h_source.html

 /* Copyright (C) 2007-2013 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
  * Software Foundation.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * version 2 along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  * 02110-1301, USA.
  */

 /**
  * \file
  *
  * \author Tom DeCanio <td@npulsetech.com>
  */

 #ifndef __OUTPUT_JSON_H__
 #define __OUTPUT_JSON_H__

 #include "suricata-common.h"
 #include "util-buffer.h"
 #include "util-logopenfile.h"
 #include "output.h"

 #include "app-layer-htp-xff.h"

 void OutputJsonRegister(void);

 enum OutputJsonLogDirection {
     LOG_DIR_PACKET = 0,
     LOG_DIR_FLOW,
     LOG_DIR_FLOW_TOCLIENT,
     LOG_DIR_FLOW_TOSERVER,
 };

 /* Suggested output buffer size */
 #define JSON_OUTPUT_BUFFER_SIZE 65535

 /* helper struct for OutputJSONMemBufferCallback */
 typedef struct OutputJSONMemBufferWrapper_ {
     MemBuffer **buffer; /**< buffer to use & expand as needed */
     size_t expand_by;   /**< expand by this size */
 } OutputJSONMemBufferWrapper;

 int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);

 void CreateJSONFlowId(json_t *js, const Flow *f);
 void JsonTcpFlags(uint8_t flags, json_t *js);
 void JsonPacket(const Packet *p, json_t *js, unsigned long max_length);
 void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *);
 json_t *CreateJSONHeader(const Packet *p,
         enum OutputJsonLogDirection dir, const char *event_type);
 json_t *CreateJSONHeaderWithTxId(const Packet *p,
         enum OutputJsonLogDirection dir, const char *event_type, uint64_t tx_id);
 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
 OutputInitResult OutputJsonInitCtx(ConfNode *);

 OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
 TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
 TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);

 typedef struct OutputJsonCommonSettings_ {
     bool include_metadata;
     bool include_community_id;
     uint16_t community_id_seed;
 } OutputJsonCommonSettings;

 /*
  * Global configuration context data
  */
 typedef struct OutputJsonCtx_ {
     LogFileCtx *file_ctx;
     enum LogFileType json_out;
     OutputJsonCommonSettings cfg;
     HttpXFFCfg *xff_cfg;
 } OutputJsonCtx;

 typedef struct OutputJsonThreadCtx_ {
     OutputJsonCtx *ctx;
     MemBuffer *buffer;
 } OutputJsonThreadCtx;

 json_t *SCJsonBool(int val);
 json_t *SCJsonString(const char *val);
 json_t *JsonAddStringN(const char *string, size_t size);
 void SCJsonDecref(json_t *js);

 void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg,
         const Packet *p, const Flow *f, json_t *js);

 #endif /* __OUTPUT_JSON_H__ */
flags
uint16_t flags
Definition: app-layer-dns-common.h:269

OutputJsonThreadCtx_::ctx
OutputJsonCtx * ctx
Definition: output-json.h:86

OutputJsonCommonSettings_
Definition: output-json.h:69

output.h

OutputJsonCommonSettings_::include_community_id
bool include_community_id
Definition: output-json.h:71

OutputJSONBuffer
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer)
Definition: output-json.c:809

OutputCtx_
Definition: tm-modules.h:78

event_type
uint32_t event_type
Definition: alert-unified2-alert.c:84

OutputJSONMemBufferWrapper_::buffer
MemBuffer ** buffer
Definition: output-json.h:48

JsonAddCommonOptions
void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f, json_t *js)
Definition: output-json.c:390

LOG_DIR_PACKET
Definition: output-json.h:37

LogFileType
LogFileType
Definition: util-logopenfile.h:40

SCJsonDecref
void SCJsonDecref(json_t *js)
Definition: output-json.c:102

OutputJsonInitCtx
OutputInitResult OutputJsonInitCtx(ConfNode *)
Create a new LogFileCtx for "fast" output style.
Definition: output-json.c:843

HttpXFFCfg_
Definition: app-layer-htp-xff.h:41

SCJsonString
json_t * SCJsonString(const char *val)
Definition: output-json.c:107

OutputJsonCtx_::xff_cfg
HttpXFFCfg * xff_cfg
Definition: output-json.h:82

OutputInitResult_
Definition: output.h:41

CreateJSONHeaderWithTxId
json_t * CreateJSONHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, uint64_t tx_id)
Definition: output-json.c:783

OutputJsonCommonSettings_::community_id_seed
uint16_t community_id_seed
Definition: output-json.h:72

str
#define str(s)
Definition: suricata-common.h:256

app-layer-htp-xff.h

OutputJsonRegister
void OutputJsonRegister(void)
Definition: output-json.c:85

LOG_DIR_FLOW_TOSERVER
Definition: output-json.h:40

OutputJsonLogInitSub
OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
Definition: output-json-common.c:50

TmEcode
TmEcode
Definition: tm-threads-common.h:77

OutputJsonCtx_::cfg
OutputJsonCommonSettings cfg
Definition: output-json.h:81

OutputJsonCtx_::file_ctx
LogFileCtx * file_ctx
Definition: output-json.h:79

suricata-common.h

OutputJsonThreadCtx_
Definition: output-json.h:85

OutputJSONMemBufferWrapper_::expand_by
size_t expand_by
Definition: output-json.h:49

Packet_
Definition: decode.h:407

OutputJsonCommonSettings_::include_metadata
bool include_metadata
Definition: output-json.h:70

ConfNode_
Definition: conf.h:32

OutputJSONMemBufferWrapper
struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper

util-logopenfile.h

tx_id
uint16_t tx_id
Definition: app-layer-dns-common.h:268

SCJsonBool
json_t * SCJsonBool(int val)
Definition: output-json.c:93

OutputJSONMemBufferCallback
int OutputJSONMemBufferCallback(const char *str, size_t size, void *data)
Definition: output-json.c:796

JsonLogThreadInit
TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data)
Definition: output-json-common.c:75

OutputJsonThreadCtx_::buffer
MemBuffer * buffer
Definition: output-json.h:87

OutputJsonCtx
struct OutputJsonCtx_ OutputJsonCtx

LOG_DIR_FLOW_TOCLIENT
Definition: output-json.h:39

JsonTcpFlags
void JsonTcpFlags(uint8_t flags, json_t *js)
jsonify tcp flags field Only add &#39;true&#39; fields in an attempt to keep things reasonably compact...
Definition: output-json.c:428

CreateJSONHeader
json_t * CreateJSONHeader(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type)
Definition: output-json.c:710

OutputJsonThreadCtx
struct OutputJsonThreadCtx_ OutputJsonThreadCtx

OutputJSONMemBufferWrapper_
Definition: output-json.h:47

JsonFiveTuple
void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *)
Add five tuple from packet to JSON object.
Definition: output-json.c:455

JsonLogThreadDeinit
TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data)
Definition: output-json-common.c:97

CreateJSONFlowId
void CreateJSONFlowId(json_t *js, const Flow *f)
Definition: output-json.c:699

OutputJsonCtx_
Definition: output-json.h:78

LOG_DIR_FLOW
Definition: output-json.h:38

ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57

JsonAddStringN
json_t * JsonAddStringN(const char *string, size_t size)
Create a JSON string from a character sequence.
Definition: output-json.c:142

MemBuffer_
Definition: util-buffer.h:27

OutputJsonLogDirection
OutputJsonLogDirection
Definition: output-json.h:36

Flow_
Flow data structure.
Definition: flow.h:325

LogFileCtx_
Definition: util-logopenfile.h:52

OutputJsonCommonSettings
struct OutputJsonCommonSettings_ OutputJsonCommonSettings

JsonPacket
void JsonPacket(const Packet *p, json_t *js, unsigned long max_length)
Jsonify a packet.
Definition: output-json.c:408

util-buffer.h