From 43f0d5031db2a43ecdbee6f7dfda75cef6d4f56e Mon Sep 17 00:00:00 2001
From: Ashlee Young
Date: Tue, 24 Nov 2015 23:17:00 -0800
Subject: Added apache 2 license verbage
Change-Id: I6a0b484496f7f3ba77c3584f5ab5a1acf353b298
Signed-off-by: Ashlee Young
---
 framework/src/suricata/src/alert-unified2-alert.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'framework/src/suricata/src/alert-unified2-alert.c')
diff --git a/framework/src/suricata/src/alert-unified2-alert.c b/framework/src/suricata/src/alert-unified2-alert.c
index ede624c4..facc66b2 100644
--- a/framework/src/suricata/src/alert-unified2-alert.c
+++ b/framework/src/suricata/src/alert-unified2-alert.c
@@ -186,8 +186,11 @@ typedef struct AlertUnified2Packet_ {
 typedef struct Unified2AlertFileCtx_ {
 LogFileCtx *file_ctx;
 HttpXFFCfg *xff_cfg;
+ uint32_t flags; /**< flags for all alerts */
 } Unified2AlertFileCtx;
+#define UNIFIED2_ALERT_FLAGS_EMIT_PACKET (1 << 0)
+
 /**
 * Unified2 thread vars
 *
@@ -698,6 +701,9 @@ static int Unified2PacketTypeAlert(Unified2AlertThread *aun, const Packet *p, ui
 {
 int ret = 0;
+ if (!(aun->unified2alert_ctx->flags & UNIFIED2_ALERT_FLAGS_EMIT_PACKET))
+ return 1;
+
 /* try stream logging first */
 if (stream) {
 SCLogDebug("logging the state");
@@ -1299,6 +1305,20 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf)
 }
 }
+ uint32_t flags = UNIFIED2_ALERT_FLAGS_EMIT_PACKET;
+ if (conf != NULL) {
+ const char *payload = NULL;
+ payload = ConfNodeLookupChildValue(conf, "payload");
+ if (payload) {
+ if (ConfValIsFalse(payload)) {
+ flags &= ~UNIFIED2_ALERT_FLAGS_EMIT_PACKET;
+ } else if (!ConfValIsTrue(payload)) {
+ SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, invalid payload: %s", payload);
+ exit(EXIT_FAILURE);
+ }
+ }
+ }
+
 ret = Unified2AlertOpenFileCtx(file_ctx, filename);
 if (ret < 0)
 goto error;
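Review bot: The doc comment `/**< flags for all alerts */` on the new `flags` member of Unified2AlertFileCtx_ does not say which bits are valid or where they are set, and the only bit, UNIFIED2_ALERT_FLAGS_EMIT_PACKET, is defined after the struct that uses it. Something like `/**< UNIFIED2_ALERT_FLAGS_* bits; filled in once by Unified2AlertInitCtx from the output's yaml node */` ties the field to the define, and moving the define above the struct keeps the bit names next to the field they describe. Whether anything else writes `flags` after init is not visible in this diff, so I have not claimed it is read-only.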
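Review bot: The early `return 1` added at the top of Unified2PacketTypeAlert bypasses `ret` (initialised to 0 on the line above) and carries no comment, so a reader cannot tell from this hunk whether 1 means "record written" or "nothing to do"; the function's return convention and its callers lie outside the hunk. If 1 is indeed the success code callers expect, say so at the return site, e.g. `/* packet/payload logging disabled for this output: nothing to write, report success */`. Disabling this path drops the packet record, i.e. the payload evidence unified2 consumers read, so the new `payload` yaml option deserves a documented note that it is a size-versus-evidence trade-off; no suricata.yaml or documentation change is visible in this diff. Separately, the commit subject "Added apache 2 license verbage" does not describe this change and appears to have been carried over from another commit.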
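Review bot: In the Unified2AlertInitCtx hunk the new option parsing declares `const char *payload = NULL;` and overwrites it on the very next line; fold the two into `const char *payload = ConfNodeLookupChildValue(conf, "payload");`. The block also lacks a comment stating the non-obvious policy: packets are emitted unless `payload` is explicitly false, and a value that ConfValIsFalse/ConfValIsTrue both reject is fatal via `exit(EXIT_FAILURE)` rather than falling back to the default — a comment such as `/* payload: yes|no (default yes). Unrecognised values are fatal rather than silently defaulting, so a typo cannot quietly drop packet evidence from the log. */` makes that explicit and defensible. The log line could also name the option rather than just the value, e.g. `"Failed to initialize unified2 output, invalid value for 'payload': %s"`. Whether exiting on bad configuration matches the rest of this function is not visible here, since Unified2AlertInitCtx starts and ends outside the hunk.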
@@ -1325,6 +1345,7 @@ OutputCtx *Unified2AlertInitCtx(ConfNode *conf)
 unified2alert_ctx->file_ctx = file_ctx;
 unified2alert_ctx->xff_cfg = xff_cfg;
+ unified2alert_ctx->flags = flags;
 output_ctx->data = unified2alert_ctx;
 output_ctx->DeInit = Unified2AlertDeInitCtx;
-- cgit 1.2.3-korg