suricata
output-json-http.c File Reference
#include "suricata-common.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"
#include "util-print.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "output.h"
#include "app-layer-htp.h"
#include "app-layer-htp-file.h"
#include "app-layer-htp-xff.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "util-privs.h"
#include "util-buffer.h"
#include "util-proto-name.h"
#include "util-logopenfile.h"
#include "util-time.h"
#include "output-json.h"
#include "output-json-alert.h"
#include "output-json-http.h"
#include "util-byte.h"

Data Structures

struct  LogHttpFileCtx_
 
struct  JsonHttpLogThread_
 

Macros

#define MAX_SIZE_HEADER_NAME   256
 
#define MAX_SIZE_HEADER_VALUE   2048
 
#define LOG_HTTP_DEFAULT   0
 
#define LOG_HTTP_EXTENDED   1
 
#define LOG_HTTP_REQUEST   2 /* request field */
 
#define LOG_HTTP_ARRAY   4 /* require array handling */
 
#define LOG_HTTP_REQ_HEADERS   8
 
#define LOG_HTTP_RES_HEADERS   16
 

Typedefs

typedef struct LogHttpFileCtx_ LogHttpFileCtx
 
typedef struct JsonHttpLogThread_ JsonHttpLogThread
 

Enumerations

enum  HttpField {
  HTTP_FIELD_ACCEPT = 0 , HTTP_FIELD_ACCEPT_CHARSET , HTTP_FIELD_ACCEPT_ENCODING , HTTP_FIELD_ACCEPT_LANGUAGE ,
  HTTP_FIELD_ACCEPT_DATETIME , HTTP_FIELD_AUTHORIZATION , HTTP_FIELD_CACHE_CONTROL , HTTP_FIELD_COOKIE ,
  HTTP_FIELD_FROM , HTTP_FIELD_MAX_FORWARDS , HTTP_FIELD_ORIGIN , HTTP_FIELD_PRAGMA ,
  HTTP_FIELD_PROXY_AUTHORIZATION , HTTP_FIELD_RANGE , HTTP_FIELD_TE , HTTP_FIELD_VIA ,
  HTTP_FIELD_X_REQUESTED_WITH , HTTP_FIELD_DNT , HTTP_FIELD_X_FORWARDED_PROTO , HTTP_FIELD_X_AUTHENTICATED_USER ,
  HTTP_FIELD_X_FLASH_VERSION , HTTP_FIELD_ACCEPT_RANGES , HTTP_FIELD_AGE , HTTP_FIELD_ALLOW ,
  HTTP_FIELD_CONNECTION , HTTP_FIELD_CONTENT_ENCODING , HTTP_FIELD_CONTENT_LANGUAGE , HTTP_FIELD_CONTENT_LENGTH ,
  HTTP_FIELD_CONTENT_LOCATION , HTTP_FIELD_CONTENT_MD5 , HTTP_FIELD_CONTENT_RANGE , HTTP_FIELD_CONTENT_TYPE ,
  HTTP_FIELD_DATE , HTTP_FIELD_ETAG , HTTP_FIELD_EXPIRES , HTTP_FIELD_LAST_MODIFIED ,
  HTTP_FIELD_LINK , HTTP_FIELD_LOCATION , HTTP_FIELD_PROXY_AUTHENTICATE , HTTP_FIELD_REFERRER ,
  HTTP_FIELD_REFRESH , HTTP_FIELD_RETRY_AFTER , HTTP_FIELD_SERVER , HTTP_FIELD_SET_COOKIE ,
  HTTP_FIELD_TRAILER , HTTP_FIELD_TRANSFER_ENCODING , HTTP_FIELD_UPGRADE , HTTP_FIELD_VARY ,
  HTTP_FIELD_WARNING , HTTP_FIELD_WWW_AUTHENTICATE , HTTP_FIELD_TRUE_CLIENT_IP , HTTP_FIELD_ORG_SRC_IP ,
  HTTP_FIELD_X_BLUECOAT_VIA , HTTP_FIELD_SIZE
}
 

Functions

void EveHttpLogJSONBodyPrintable (SCJsonBuilder *js, Flow *f, uint64_t tx_id)
 
void EveHttpLogJSONBodyBase64 (SCJsonBuilder *js, Flow *f, uint64_t tx_id)
 
bool EveHttpAddMetadata (const Flow *f, uint64_t tx_id, SCJsonBuilder *js)
 
void JsonHttpLogRegister (void)
 

Variables

struct { 
 
   const char *   config_field 
 
   const char *   htp_field 
 
   uint32_t   flags 
 
} http_fields [] 
 

Detailed Description

Author
Tom DeCanio td@npulsetech.com

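Implements the HTTP JSON logging portion of the engine. The HttpField list in this file includes credential-bearing headers (Authorization, Proxy-Authorization, Cookie, Set-Cookie), so when those fields are enabled for logging, the resulting log records contain secrets and need access control and retention to match.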

Definition in file output-json-http.c.

Macro Definition Documentation

◆ LOG_HTTP_ARRAY

#define LOG_HTTP_ARRAY   4 /* require array handling */

Definition at line 76 of file output-json-http.c.

◆ LOG_HTTP_DEFAULT

#define LOG_HTTP_DEFAULT   0

Definition at line 73 of file output-json-http.c.

◆ LOG_HTTP_EXTENDED

#define LOG_HTTP_EXTENDED   1

Definition at line 74 of file output-json-http.c.

◆ LOG_HTTP_REQ_HEADERS

#define LOG_HTTP_REQ_HEADERS   8

Definition at line 77 of file output-json-http.c.

◆ LOG_HTTP_REQUEST

#define LOG_HTTP_REQUEST   2 /* request field */

Definition at line 75 of file output-json-http.c.

◆ LOG_HTTP_RES_HEADERS

#define LOG_HTTP_RES_HEADERS   16

Definition at line 78 of file output-json-http.c.

◆ MAX_SIZE_HEADER_NAME

#define MAX_SIZE_HEADER_NAME   256

Definition at line 70 of file output-json-http.c.

◆ MAX_SIZE_HEADER_VALUE

#define MAX_SIZE_HEADER_VALUE   2048

Definition at line 71 of file output-json-http.c.

Typedef Documentation

◆ JsonHttpLogThread

◆ LogHttpFileCtx

Enumeration Type Documentation

◆ HttpField

enum HttpField
Enumerator
HTTP_FIELD_ACCEPT 
HTTP_FIELD_ACCEPT_CHARSET 
HTTP_FIELD_ACCEPT_ENCODING 
HTTP_FIELD_ACCEPT_LANGUAGE 
HTTP_FIELD_ACCEPT_DATETIME 
HTTP_FIELD_AUTHORIZATION 
HTTP_FIELD_CACHE_CONTROL 
HTTP_FIELD_COOKIE 
HTTP_FIELD_FROM 
HTTP_FIELD_MAX_FORWARDS 
HTTP_FIELD_ORIGIN 
HTTP_FIELD_PRAGMA 
HTTP_FIELD_PROXY_AUTHORIZATION 
HTTP_FIELD_RANGE 
HTTP_FIELD_TE 
HTTP_FIELD_VIA 
HTTP_FIELD_X_REQUESTED_WITH 
HTTP_FIELD_DNT 
HTTP_FIELD_X_FORWARDED_PROTO 
HTTP_FIELD_X_AUTHENTICATED_USER 
HTTP_FIELD_X_FLASH_VERSION 
HTTP_FIELD_ACCEPT_RANGES 
HTTP_FIELD_AGE 
HTTP_FIELD_ALLOW 
HTTP_FIELD_CONNECTION 
HTTP_FIELD_CONTENT_ENCODING 
HTTP_FIELD_CONTENT_LANGUAGE 
HTTP_FIELD_CONTENT_LENGTH 
HTTP_FIELD_CONTENT_LOCATION 
HTTP_FIELD_CONTENT_MD5 
HTTP_FIELD_CONTENT_RANGE 
HTTP_FIELD_CONTENT_TYPE 
HTTP_FIELD_DATE 
HTTP_FIELD_ETAG 
HTTP_FIELD_EXPIRES 
HTTP_FIELD_LAST_MODIFIED 
HTTP_FIELD_LINK 
HTTP_FIELD_LOCATION 
HTTP_FIELD_PROXY_AUTHENTICATE 
HTTP_FIELD_REFERRER 
HTTP_FIELD_REFRESH 
HTTP_FIELD_RETRY_AFTER 
HTTP_FIELD_SERVER 
HTTP_FIELD_SET_COOKIE 
HTTP_FIELD_TRAILER 
HTTP_FIELD_TRANSFER_ENCODING 
HTTP_FIELD_UPGRADE 
HTTP_FIELD_VARY 
HTTP_FIELD_WARNING 
HTTP_FIELD_WWW_AUTHENTICATE 
HTTP_FIELD_TRUE_CLIENT_IP 
HTTP_FIELD_ORG_SRC_IP 
HTTP_FIELD_X_BLUECOAT_VIA 
HTTP_FIELD_SIZE 

Definition at line 80 of file output-json-http.c.

Function Documentation

◆ EveHttpAddMetadata()

bool EveHttpAddMetadata ( const Flow *  f,
uint64_t  tx_id,
SCJsonBuilder *  js 
)

Definition at line 495 of file output-json-http.c.

References ALPROTO_HTTP1, and AppLayerParserGetTx().

Referenced by JsonBuildFileInfoRecord().


◆ EveHttpLogJSONBodyBase64()

void EveHttpLogJSONBodyBase64 ( SCJsonBuilder *  js,
Flow *  f,
uint64_t  tx_id 
)

Definition at line 420 of file output-json-http.c.

References ALPROTO_HTTP1, AppLayerParserGetTx(), HtpTxUserData_::request_body, and HtpTxUserData_::response_body.


◆ EveHttpLogJSONBodyPrintable()

void EveHttpLogJSONBodyPrintable ( SCJsonBuilder *  js,
Flow *  f,
uint64_t  tx_id 
)

Definition at line 391 of file output-json-http.c.

References ALPROTO_HTTP1, AppLayerParserGetTx(), HtpTxUserData_::request_body, and HtpTxUserData_::response_body.


◆ JsonHttpLogRegister()

void JsonHttpLogRegister ( void  )

Definition at line 644 of file output-json-http.c.

References ALPROTO_HTTP1, LOGGER_JSON_TX, and OutputRegisterTxSubModule().

Referenced by OutputRegisterLoggers().


Variable Documentation

◆ config_field

const char* config_field

Definition at line 138 of file output-json-http.c.

◆ flags

uint32_t flags

Definition at line 140 of file output-json-http.c.

◆ htp_field

const char* htp_field

Definition at line 139 of file output-json-http.c.

◆ [struct]

struct { ... } http_fields[]