suricata
output-json.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  */
23 
24 #ifndef __OUTPUT_JSON_H__
25 #define __OUTPUT_JSON_H__
26 
27 #include "suricata-common.h"
28 #include "util-buffer.h"
29 #include "util-logopenfile.h"
30 #include "output.h"
31 
32 #include "app-layer-htp-xff.h"
33 
34 void OutputJsonRegister(void);
35 
36 #ifdef HAVE_LIBJANSSON
37 
38 enum OutputJsonLogDirection {
39  LOG_DIR_PACKET = 0,
40  LOG_DIR_FLOW,
41  LOG_DIR_FLOW_TOCLIENT,
42  LOG_DIR_FLOW_TOSERVER,
43 };
44 
45 /* helper struct for OutputJSONMemBufferCallback */
46 typedef struct OutputJSONMemBufferWrapper_ {
47  MemBuffer **buffer; /**< buffer to use & expand as needed */
48  size_t expand_by; /**< expand by this size */
49 } OutputJSONMemBufferWrapper;
50 
51 int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
52 
53 void CreateJSONFlowId(json_t *js, const Flow *f);
54 void JsonTcpFlags(uint8_t flags, json_t *js);
55 void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *);
56 json_t *CreateJSONHeader(const Packet *p,
57  enum OutputJsonLogDirection dir, const char *event_type);
58 json_t *CreateJSONHeaderWithTxId(const Packet *p,
59  enum OutputJsonLogDirection dir, const char *event_type, uint64_t tx_id);
60 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
61 OutputInitResult OutputJsonInitCtx(ConfNode *);
62 
63 OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
64 TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
65 TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
66 
67 typedef struct OutputJsonCommonSettings_ {
68  bool include_metadata;
69  bool include_community_id;
70  uint16_t community_id_seed;
71 } OutputJsonCommonSettings;
72 
73 /*
74  * Global configuration context data
75  */
76 typedef struct OutputJsonCtx_ {
77  LogFileCtx *file_ctx;
78  enum LogFileType json_out;
79  OutputJsonCommonSettings cfg;
80  HttpXFFCfg *xff_cfg;
81 } OutputJsonCtx;
82 
83 typedef struct OutputJsonThreadCtx_ {
84  OutputJsonCtx *ctx;
85  MemBuffer *buffer;
86 } OutputJsonThreadCtx;
87 
88 json_t *SCJsonBool(int val);
89 json_t *SCJsonString(const char *val);
90 void SCJsonDecref(json_t *js);
91 
92 void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg,
93  const Packet *p, const Flow *f, json_t *js);
94 
95 #endif /* HAVE_LIBJANSSON */
96 
97 #endif /* __OUTPUT_JSON_H__ */
flags
uint16_t flags
Definition: app-layer-dns-common.h:246
OutputCtx_
Definition: tm-modules.h:78
event_type
uint32_t event_type
Definition: alert-unified2-alert.c:84
LogFileType
LogFileType
Definition: util-logopenfile.h:40
HttpXFFCfg_
Definition: app-layer-htp-xff.h:41
OutputInitResult_
Definition: output.h:41
str
#define str(s)
Definition: suricata-common.h:258
OutputJsonRegister
void OutputJsonRegister(void)
Definition: output-json.c:77
Packet_
Definition: decode.h:405
ConfNode_
Definition: conf.h:32
tx_id
uint16_t tx_id
Definition: app-layer-dns-common.h:245
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
MemBuffer_
Definition: util-buffer.h:27
Flow_
Flow data structure.
Definition: flow.h:325
LogFileCtx_
Definition: util-logopenfile.h:52