suricata
output-json.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  */
23 
24 #ifndef __OUTPUT_JSON_H__
25 #define __OUTPUT_JSON_H__
26 
27 #include "suricata-common.h"
28 #include "util-buffer.h"
29 #include "util-logopenfile.h"
30 #include "output.h"
31 
32 #include "app-layer-htp-xff.h"
33 
34 void OutputJsonRegister(void);
35 
36 enum OutputJsonLogDirection {
37  LOG_DIR_PACKET = 0,
38  LOG_DIR_FLOW,
39  LOG_DIR_FLOW_TOCLIENT,
40  LOG_DIR_FLOW_TOSERVER,
41 };
42 
43 /* Suggested output buffer size */
44 #define JSON_OUTPUT_BUFFER_SIZE 65535
45 
46 /* helper struct for OutputJSONMemBufferCallback */
47 typedef struct OutputJSONMemBufferWrapper_ {
48  MemBuffer **buffer; /**< buffer to use & expand as needed */
49  size_t expand_by; /**< expand by this size */
50 } OutputJSONMemBufferWrapper;
51 
52 int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
53 
54 void CreateJSONFlowId(json_t *js, const Flow *f);
55 void JsonTcpFlags(uint8_t flags, json_t *js);
56 void JsonPacket(const Packet *p, json_t *js, unsigned long max_length);
57 void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *);
58 json_t *CreateJSONHeader(const Packet *p,
59  enum OutputJsonLogDirection dir, const char *event_type);
60 json_t *CreateJSONHeaderWithTxId(const Packet *p,
61  enum OutputJsonLogDirection dir, const char *event_type, uint64_t tx_id);
62 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
63 OutputInitResult OutputJsonInitCtx(ConfNode *);
64 
65 OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
66 TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
67 TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
68 
69 typedef struct OutputJsonCommonSettings_ {
70  bool include_metadata;
71  bool include_community_id;
72  uint16_t community_id_seed;
73 } OutputJsonCommonSettings;
74 
75 /*
76  * Global configuration context data
77  */
78 typedef struct OutputJsonCtx_ {
79  LogFileCtx *file_ctx;
80  enum LogFileType json_out;
81  OutputJsonCommonSettings cfg;
82  HttpXFFCfg *xff_cfg;
83 } OutputJsonCtx;
84 
85 typedef struct OutputJsonThreadCtx_ {
86  OutputJsonCtx *ctx;
87  MemBuffer *buffer;
88 } OutputJsonThreadCtx;
89 
90 json_t *SCJsonBool(int val);
91 json_t *SCJsonString(const char *val);
92 json_t *JsonAddStringN(const char *string, size_t size);
93 void SCJsonDecref(json_t *js);
94 
95 void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg,
96  const Packet *p, const Flow *f, json_t *js);
97 
98 #endif /* __OUTPUT_JSON_H__ */
OutputJsonCtx_::xff_cfg
HttpXFFCfg * xff_cfg
Definition: output-json.h:82
OutputJsonCommonSettings
struct OutputJsonCommonSettings_ OutputJsonCommonSettings
OutputJsonThreadCtx_::ctx
OutputJsonCtx * ctx
Definition: output-json.h:86
SCJsonString
json_t * SCJsonString(const char *val)
Definition: output-json.c:107
OutputJsonCtx_::cfg
OutputJsonCommonSettings cfg
Definition: output-json.h:81
OutputJsonCtx
struct OutputJsonCtx_ OutputJsonCtx
OutputJsonLogInitSub
OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
Definition: output-json-common.c:50
CreateJSONHeaderWithTxId
json_t * CreateJSONHeaderWithTxId(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type, uint64_t tx_id)
Definition: output-json.c:783
OutputJsonCtx_
Definition: output-json.h:78
Flow_
Flow data structure.
Definition: flow.h:340
OutputJsonCommonSettings_
Definition: output-json.h:69
LogFileCtx_
Definition: util-logopenfile.h:52
OutputJsonCtx_::json_out
enum LogFileType json_out
Definition: output-json.h:80
OutputJsonCommonSettings_::include_community_id
bool include_community_id
Definition: output-json.h:71
OutputJSONMemBufferWrapper_::buffer
MemBuffer ** buffer
Definition: output-json.h:48
JsonTcpFlags
void JsonTcpFlags(uint8_t flags, json_t *js)
jsonify tcp flags field Only add 'true' fields in an attempt to keep things reasonably compact.
Definition: output-json.c:428
JsonLogThreadDeinit
TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data)
Definition: output-json-common.c:97
OutputCtx_
Definition: tm-modules.h:78
OutputJsonThreadCtx
struct OutputJsonThreadCtx_ OutputJsonThreadCtx
app-layer-htp-xff.h
OutputJsonThreadCtx_
Definition: output-json.h:85
SCJsonDecref
void SCJsonDecref(json_t *js)
Definition: output-json.c:102
JsonFiveTuple
void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *)
Add five tuple from packet to JSON object.
Definition: output-json.c:455
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
CreateJSONHeader
json_t * CreateJSONHeader(const Packet *p, enum OutputJsonLogDirection dir, const char *event_type)
Definition: output-json.c:710
CreateJSONFlowId
void CreateJSONFlowId(json_t *js, const Flow *f)
Definition: output-json.c:699
JsonPacket
void JsonPacket(const Packet *p, json_t *js, unsigned long max_length)
Jsonify a packet.
Definition: output-json.c:408
Packet_
Definition: decode.h:408
OutputJSONMemBufferWrapper_
Definition: output-json.h:47
TmEcode
TmEcode
Definition: tm-threads-common.h:77
HttpXFFCfg_
Definition: app-layer-htp-xff.h:41
LOG_DIR_FLOW_TOCLIENT
@ LOG_DIR_FLOW_TOCLIENT
Definition: output-json.h:39
MemBuffer_
Definition: util-buffer.h:27
JsonAddCommonOptions
void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg, const Packet *p, const Flow *f, json_t *js)
Definition: output-json.c:390
OutputJsonCommonSettings_::include_metadata
bool include_metadata
Definition: output-json.h:70
SCJsonBool
json_t * SCJsonBool(int val)
Definition: output-json.c:93
OutputInitResult_
Definition: output.h:41
OutputJsonThreadCtx_::buffer
MemBuffer * buffer
Definition: output-json.h:87
LOG_DIR_PACKET
@ LOG_DIR_PACKET
Definition: output-json.h:37
flags
uint8_t flags
Definition: decode-gre.h:2
suricata-common.h
OutputJSONMemBufferWrapper_::expand_by
size_t expand_by
Definition: output-json.h:49
OutputJsonLogDirection
OutputJsonLogDirection
Definition: output-json.h:36
OutputJsonRegister
void OutputJsonRegister(void)
Definition: output-json.c:85
LOG_DIR_FLOW
@ LOG_DIR_FLOW
Definition: output-json.h:38
str
#define str(s)
Definition: suricata-common.h:256
LOG_DIR_FLOW_TOSERVER
@ LOG_DIR_FLOW_TOSERVER
Definition: output-json.h:40
ConfNode_
Definition: conf.h:32
util-logopenfile.h
util-buffer.h
JsonAddStringN
json_t * JsonAddStringN(const char *string, size_t size)
Create a JSON string from a character sequence.
Definition: output-json.c:142
OutputJsonCtx_::file_ctx
LogFileCtx * file_ctx
Definition: output-json.h:79
LogFileType
LogFileType
Definition: util-logopenfile.h:40
OutputJSONBuffer
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer)
Definition: output-json.c:809
OutputJsonCommonSettings_::community_id_seed
uint16_t community_id_seed
Definition: output-json.h:72
OutputJSONMemBufferWrapper
struct OutputJSONMemBufferWrapper_ OutputJSONMemBufferWrapper
OutputJsonInitCtx
OutputInitResult OutputJsonInitCtx(ConfNode *)
Create a new LogFileCtx for "fast" output style.
Definition: output-json.c:843
OutputJSONMemBufferCallback
int OutputJSONMemBufferCallback(const char *str, size_t size, void *data)
Definition: output-json.c:796
output.h
JsonLogThreadInit
TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data)
Definition: output-json-common.c:75