Beispiel #1
0
static TmEcode JsonAlertLogThreadDeinit(ThreadVars *t, void *data)
{
    JsonAlertLogThread *aft = (JsonAlertLogThread *)data;
    if (aft == NULL) {
        return TM_ECODE_OK;
    }

    MemBufferFree(aft->json_buffer);
    MemBufferFree(aft->payload_buffer);

    /* clear memory */
    memset(aft, 0, sizeof(JsonAlertLogThread));

    SCFree(aft);
    return TM_ECODE_OK;
}
Beispiel #2
0
static TmEcode MSSqlJsonLogThreadDeinit(ThreadVars *t, void *data) {
    LogMSSqlLogThread *aft = data;
    if (!aft)
        return TM_ECODE_OK;
    MemBufferFree(aft->buffer);
    memset(aft, 0, sizeof(*aft));
    SCFree(aft);
    return TM_ECODE_OK;
}
Beispiel #3
0
static TmEcode JsonIKEv2LogThreadDeinit(ThreadVars *t, void *data)
{
    LogIKEv2LogThread *thread = (LogIKEv2LogThread *)data;
    if (thread == NULL) {
        return TM_ECODE_OK;
    }
    if (thread->buffer != NULL) {
        MemBufferFree(thread->buffer);
    }
    SCFree(thread);
    return TM_ECODE_OK;
}
Beispiel #4
0
static TmEcode ThreadDeinit(ThreadVars *t, void *data) {
	DBJsonLogThread *jlt = (DBJsonLogThread *)data;
	if (jlt == NULL) {
		return TM_ECODE_OK;
	}

	MemBufferFree(jlt->buf);
	/* clear memory */
	memset(jlt, 0, sizeof(DBJsonLogThread));

	SCFree(jlt);
	return TM_ECODE_OK;
}
Beispiel #5
0
static TmEcode LogTlsLogThreadDeinit(ThreadVars *t, void *data)
{
    LogTlsLogThread *aft = (LogTlsLogThread *) data;
    if (aft == NULL) {
        return TM_ECODE_OK;
    }

    MemBufferFree(aft->buffer);
    /* clear memory */
    memset(aft, 0, sizeof(LogTlsLogThread));

    SCFree(aft);
    return TM_ECODE_OK;
}
void RulesDumpMatchArray(const DetectEngineThreadCtx *det_ctx, const Packet *p)
{
    json_t *js = CreateJSONHeader(p, 0, "inspectedrules");
    if (js == NULL)
        return;
    json_t *ir = json_object();
    if (ir == NULL)
        return;

    json_object_set_new(ir, "rule_group_id", json_integer(det_ctx->sgh->id));
    json_object_set_new(ir, "rule_cnt", json_integer(det_ctx->match_array_cnt));

    json_t *js_array = json_array();
    uint32_t x;
    for (x = 0; x < det_ctx->match_array_cnt; x++)
    {
        const Signature *s = det_ctx->match_array[x];
        if (s == NULL)
            continue;

        json_t *js_sig = json_object();
        if (unlikely(js == NULL))
            continue;
        json_object_set_new(js_sig, "sig_id", json_integer(s->id));

        json_object_set_new(js_sig, "mpm", (s->mpm_sm != NULL) ? json_true() : json_false());

        if (s->mpm_sm != NULL) {
            char orig[256] = "";
            char chop[256] = "";

            DumpFp(s->mpm_sm, orig, sizeof(orig), chop, sizeof(chop));

            json_object_set_new(js_sig, "mpm_buffer", json_string(DetectListToHumanString(SigMatchListSMBelongsTo(s, s->mpm_sm))));
            json_object_set_new(js_sig, "mpm_pattern", json_string(orig));

            if (strlen(chop) > 0) {
                json_object_set_new(js_sig, "mpm_pattern_chop", json_string(chop));
            }
        }
        json_array_append_new(js_array, js_sig);
    }

    json_object_set_new(ir, "rules", js_array);
    json_object_set_new(js, "inspectedrules", ir);

    const char *filename = "packet_inspected_rules.json";
    const char *log_dir = ConfigGetLogDirectory();
    char log_path[PATH_MAX] = "";
    snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, filename);

    MemBuffer *mbuf = NULL;
    mbuf = MemBufferCreateNew(4096);
    BUG_ON(mbuf == NULL);

    OutputJSONMemBufferWrapper wrapper = {
        .buffer = &mbuf,
        .expand_by = 4096,
    };

    int r = json_dump_callback(js, OutputJSONMemBufferCallback, &wrapper,
                               JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
                               JSON_ESCAPE_SLASH);
    if (r != 0) {
        SCLogWarning(SC_ERR_SOCKET, "unable to serialize JSON object");
    } else {
        MemBufferWriteString(mbuf, "\n");
        SCMutexLock(&g_rule_dump_write_m);
        FILE *fp = fopen(log_path, "a");
        if (fp != NULL) {
            MemBufferPrintToFPAsString(mbuf, fp);
            fclose(fp);
            SCMutexUnlock(&g_rule_dump_write_m);
        }
    }

    MemBufferFree(mbuf);
    json_object_clear(js);
    json_decref(js);
}