suricata
output-json.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Tom DeCanio <td@npulsetech.com>
22  */
23 
24 #ifndef __OUTPUT_JSON_H__
25 #define __OUTPUT_JSON_H__
26 
27 #include "suricata-common.h"
28 #include "util-buffer.h"
29 #include "util-logopenfile.h"
30 #include "output.h"
31 
32 #include "app-layer-htp-xff.h"
33 
34 void OutputJsonRegister(void);
35 
36 #ifdef HAVE_LIBJANSSON
37 
38 enum OutputJsonLogDirection {
39  LOG_DIR_PACKET = 0,
40  LOG_DIR_FLOW,
41  LOG_DIR_FLOW_TOCLIENT,
42  LOG_DIR_FLOW_TOSERVER,
43 };
44 
45 /* helper struct for OutputJSONMemBufferCallback */
46 typedef struct OutputJSONMemBufferWrapper_ {
47  MemBuffer **buffer; /**< buffer to use & expand as needed */
48  size_t expand_by; /**< expand by this size */
49 } OutputJSONMemBufferWrapper;
50 
51 int OutputJSONMemBufferCallback(const char *str, size_t size, void *data);
52 
53 void CreateJSONFlowId(json_t *js, const Flow *f);
54 void JsonTcpFlags(uint8_t flags, json_t *js);
55 void JsonPacket(const Packet *p, json_t *js, unsigned long max_length);
56 void JsonFiveTuple(const Packet *, enum OutputJsonLogDirection, json_t *);
57 json_t *CreateJSONHeader(const Packet *p,
58  enum OutputJsonLogDirection dir, const char *event_type);
59 json_t *CreateJSONHeaderWithTxId(const Packet *p,
60  enum OutputJsonLogDirection dir, const char *event_type, uint64_t tx_id);
61 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer **buffer);
62 OutputInitResult OutputJsonInitCtx(ConfNode *);
63 
64 OutputInitResult OutputJsonLogInitSub(ConfNode *conf, OutputCtx *parent_ctx);
65 TmEcode JsonLogThreadInit(ThreadVars *t, const void *initdata, void **data);
66 TmEcode JsonLogThreadDeinit(ThreadVars *t, void *data);
67 
68 typedef struct OutputJsonCommonSettings_ {
69  bool include_metadata;
70  bool include_community_id;
71  uint16_t community_id_seed;
72 } OutputJsonCommonSettings;
73 
74 /*
75  * Global configuration context data
76  */
77 typedef struct OutputJsonCtx_ {
78  LogFileCtx *file_ctx;
79  enum LogFileType json_out;
80  OutputJsonCommonSettings cfg;
81  HttpXFFCfg *xff_cfg;
82 } OutputJsonCtx;
83 
84 typedef struct OutputJsonThreadCtx_ {
85  OutputJsonCtx *ctx;
86  MemBuffer *buffer;
87 } OutputJsonThreadCtx;
88 
89 json_t *SCJsonBool(int val);
90 json_t *SCJsonString(const char *val);
91 void SCJsonDecref(json_t *js);
92 
93 void JsonAddCommonOptions(const OutputJsonCommonSettings *cfg,
94  const Packet *p, const Flow *f, json_t *js);
95 
96 #endif /* HAVE_LIBJANSSON */
97 
98 #endif /* __OUTPUT_JSON_H__ */
flags
uint16_t flags
Definition: app-layer-dns-common.h:246
OutputCtx_
Definition: tm-modules.h:78
event_type
uint32_t event_type
Definition: alert-unified2-alert.c:84
LogFileType
LogFileType
Definition: util-logopenfile.h:40
HttpXFFCfg_
Definition: app-layer-htp-xff.h:41
OutputInitResult_
Definition: output.h:41
str
#define str(s)
Definition: suricata-common.h:258
OutputJsonRegister
void OutputJsonRegister(void)
Definition: output-json.c:77
Packet_
Definition: decode.h:405
ConfNode_
Definition: conf.h:32
tx_id
uint16_t tx_id
Definition: app-layer-dns-common.h:245
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
MemBuffer_
Definition: util-buffer.h:27
Flow_
Flow data structure.
Definition: flow.h:325
LogFileCtx_
Definition: util-logopenfile.h:52