Diffstat (limited to 'framework/src/suricata/src/output-json.c')
-rw-r--r--framework/src/suricata/src/output-json.c118
1 files changed, 81 insertions, 37 deletions
diff --git a/framework/src/suricata/src/output-json.c b/framework/src/suricata/src/output-json.c
index 74289f1b..9cc9bd94 100644
--- a/framework/src/suricata/src/output-json.c
+++ b/framework/src/suricata/src/output-json.c
@@ -119,10 +119,6 @@ void OutputJsonRegisterTests (void)
#define OUTPUT_BUFFER_SIZE 65535
-#ifndef OS_WIN32
-static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL;
-#endif /* OS_WIN32 */
-
TmEcode OutputJson (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
TmEcode OutputJsonThreadInit(ThreadVars *, void *, void **);
TmEcode OutputJsonThreadDeinit(ThreadVars *, void *);
@@ -327,48 +323,51 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensitive, char *event_type)
return js;
}
+json_t *CreateJSONHeaderWithTxId(Packet *p, int direction_sensitive, char *event_type, uint32_t tx_id)
+{
+ json_t *js = CreateJSONHeader(p, direction_sensitive, event_type);
+ if (unlikely(js == NULL))
+ return NULL;
+
+ /* tx id for correlation with other events */
+ json_object_set_new(js, "tx_id", json_integer(tx_id));
+
+ return js;
+}
+
+static int MemBufferCallback(const char *str, size_t size, void *data)
+{
+ MemBuffer *memb = data;
+#if 0 // can't expand, need a MemBuffer **
+ /* since we can have many threads, the buffer might not be big enough.
+ * * Expand if necessary. */
+ if (MEMBUFFER_OFFSET(memb) + size > MEMBUFFER_SIZE(memb)) {
+ MemBufferExpand(&memb, OUTPUT_BUFFER_SIZE);
+ }
+#endif
+ MemBufferWriteString(memb, "%s", str);
+ return 0;
+}
+
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer *buffer)
{
- char *js_s = json_dumps(js,
- JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
+ if (file_ctx->sensor_name) {
+ json_object_set_new(js, "host",
+ json_string(file_ctx->sensor_name));
+ }
+
+ int r = json_dump_callback(js, MemBufferCallback, buffer,
+ JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
#ifdef JSON_ESCAPE_SLASH
JSON_ESCAPE_SLASH
#else
0
#endif
);
- if (unlikely(js_s == NULL))
+ if (r != 0)
return TM_ECODE_OK;
- SCMutexLock(&file_ctx->fp_mutex);
- if (file_ctx->type == LOGFILE_TYPE_SYSLOG)
- {
- if (file_ctx->prefix != NULL)
- {
- syslog(alert_syslog_level, "%s%s", file_ctx->prefix, js_s);
- }
- else
- {
- syslog(alert_syslog_level, "%s", js_s);
- }
- }
- else if (file_ctx->type == LOGFILE_TYPE_FILE ||
- file_ctx->type == LOGFILE_TYPE_UNIX_DGRAM ||
- file_ctx->type == LOGFILE_TYPE_UNIX_STREAM)
- {
- if (file_ctx->prefix != NULL)
- {
- MemBufferWriteString(buffer, "%s%s\n", file_ctx->prefix, js_s);
- }
- else
- {
- MemBufferWriteString(buffer, "%s\n", js_s);
- }
- file_ctx->Write((const char *)MEMBUFFER_BUFFER(buffer),
- MEMBUFFER_OFFSET(buffer), file_ctx);
- }
- SCMutexUnlock(&file_ctx->fp_mutex);
- free(js_s);
+ LogFileWrite(file_ctx, buffer);
return 0;
}
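Review bot: MemBufferCallback ignores its `size` argument and writes `str` with `"%s"`, so it depends on every chunk from json_dump_callback being NUL-terminated exactly at `size`. jansson hands the callback a pointer plus a length and does not promise a terminator there, so a chunk taken from inside a string value can be written past its end and corrupt the event record; bounding the write avoids that: `MemBufferWriteString(memb, "%.*s", (int)size, str);`. Separately, with the expansion path under `#if 0` the callback returns 0 even when the buffer is full, so an oversized event appears to be logged truncated rather than rejected (this depends on how MemBufferWriteString handles overflow, which is not visible here). OutputJSONBuffer also returns `TM_ECODE_OK` when the dump fails, so a dropped event looks the same as a written one; for an IDS event log both cases deserve at least an error message or a counter.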
@@ -425,6 +424,9 @@ void OutputJsonExitPrintStats(ThreadVars *tv, void *data)
OutputCtx *OutputJsonInitCtx(ConfNode *conf)
{
OutputJsonCtx *json_ctx = SCCalloc(1, sizeof(OutputJsonCtx));;
+
+ const char *sensor_name = ConfNodeLookupChildValue(conf, "sensor-name");
+
if (unlikely(json_ctx == NULL)) {
SCLogDebug("AlertJsonInitCtx: Could not create new LogFileCtx");
return NULL;
@@ -437,6 +439,17 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
return NULL;
}
+ if (sensor_name) {
+ json_ctx->file_ctx->sensor_name = SCStrdup(sensor_name);
+ if (json_ctx->file_ctx->sensor_name == NULL) {
+ LogFileFreeCtx(json_ctx->file_ctx);
+ SCFree(json_ctx);
+ return NULL;
+ }
+ } else {
+ json_ctx->file_ctx->sensor_name = NULL;
+ }
+
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL)) {
LogFileFreeCtx(json_ctx->file_ctx);
@@ -465,6 +478,14 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
json_ctx->json_out = LOGFILE_TYPE_UNIX_DGRAM;
} else if (strcmp(output_s, "unix_stream") == 0) {
json_ctx->json_out = LOGFILE_TYPE_UNIX_STREAM;
+ } else if (strcmp(output_s, "redis") == 0) {
+#ifdef HAVE_LIBHIREDIS
+ json_ctx->json_out = LOGFILE_TYPE_REDIS;
+#else
+ SCLogError(SC_ERR_INVALID_ARGUMENT,
+ "redis JSON output option is not compiled");
+ exit(EXIT_FAILURE);
+#endif
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Invalid JSON output option: %s", output_s);
@@ -526,7 +547,7 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
if (level_s != NULL) {
int level = SCMapEnumNameToValue(level_s, SCSyslogGetLogLevelMap());
if (level != -1) {
- alert_syslog_level = level;
+ json_ctx->file_ctx->syslog_setup.alert_syslog_level = level;
}
}
@@ -537,6 +558,29 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
openlog(ident, LOG_PID|LOG_NDELAY, facility);
}
+#ifdef HAVE_LIBHIREDIS
+ else if (json_ctx->json_out == LOGFILE_TYPE_REDIS) {
+ ConfNode *redis_node = ConfNodeLookupChild(conf, "redis");
+ if (!json_ctx->file_ctx->sensor_name) {
+ char hostname[1024];
+ gethostname(hostname, 1023);
+ json_ctx->file_ctx->sensor_name = SCStrdup(hostname);
+ }
+ if (json_ctx->file_ctx->sensor_name == NULL) {
+ LogFileFreeCtx(json_ctx->file_ctx);
+ SCFree(json_ctx);
+ SCFree(output_ctx);
+ return NULL;
+ }
+
+ if (SCConfLogOpenRedis(redis_node, json_ctx->file_ctx) < 0) {
+ LogFileFreeCtx(json_ctx->file_ctx);
+ SCFree(json_ctx);
+ SCFree(output_ctx);
+ return NULL;
+ }
+ }
+#endif
const char *sensor_id_s = ConfNodeLookupChildValue(conf, "sensor-id");
if (sensor_id_s != NULL) {
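Review bot: The `gethostname(hostname, 1023)` call in the redis branch is unchecked and `hostname` is never initialised, so on failure `SCStrdup(hostname)` reads indeterminate stack bytes. On a truncated name POSIX does not guarantee a terminator either, so in both cases stale stack contents could end up in the `host` field of every emitted event. Suggest declaring `char hostname[1024] = "";` and testing `if (gethostname(hostname, sizeof(hostname) - 1) != 0)` with the same free-and-return-NULL cleanup used just below. `redis_node` is also passed to SCConfLogOpenRedis without a NULL check; whether that function tolerates a missing `redis` section is not visible in this hunk. OutputJsonInitCtx starts and ends outside the hunk.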