/src/suricata7/src/output-json-snmp.c

Source
/* Copyright (C) 2018-2021 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Pierre Chifflier <chifflier@wzdftpd.net>
 *
 * Implement JSON/eve logging app-layer SNMP.
 */

#include "suricata-common.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"

#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"

#include "util-unittest.h"
#include "util-buffer.h"
#include "util-debug.h"
#include "util-byte.h"

#include "output.h"
#include "output-json.h"

#include "app-layer.h"
#include "app-layer-parser.h"

#include "app-layer-snmp.h"
#include "output-json-snmp.h"

#include "rust.h"

static int JsonSNMPLogger(ThreadVars *tv, void *thread_data,
    const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
    SNMPTransaction *snmptx = tx;
    OutputJsonThreadCtx *thread = thread_data;

    JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "snmp", NULL, thread->ctx);
    if (unlikely(jb == NULL)) {
        return TM_ECODE_FAILED;
    }

    jb_open_object(jb, "snmp");
    if (!rs_snmp_log_json_response(jb, snmptx)) {
        goto error;
    }
    jb_close(jb);

    OutputJsonBuilderBuffer(jb, thread);

    jb_free(jb);
    return TM_ECODE_OK;

error:
    jb_free(jb);
    return TM_ECODE_FAILED;
}

static OutputInitResult OutputSNMPLogInitSub(ConfNode *conf,
    OutputCtx *parent_ctx)
{
    AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
    return OutputJsonLogInitSub(conf, parent_ctx);
}

void JsonSNMPLogRegister(void)
{
    /* Register as an eve sub-module. */
    OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSNMPLog", "eve-log.snmp",
            OutputSNMPLogInitSub, ALPROTO_SNMP, JsonSNMPLogger, JsonLogThreadInit,
            JsonLogThreadDeinit, NULL);

    SCLogDebug("SNMP JSON logger registered.");
}

Line	Count	Source
1		/* Copyright (C) 2018-2021 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		/**
19		* \file
20		*
21		* \author Pierre Chifflier <chifflier@wzdftpd.net>
22		*
23		* Implement JSON/eve logging app-layer SNMP.
24		*/
25
26		#include "suricata-common.h"
27		#include "detect.h"
28		#include "pkt-var.h"
29		#include "conf.h"
30
31		#include "threads.h"
32		#include "threadvars.h"
33		#include "tm-threads.h"
34
35		#include "util-unittest.h"
36		#include "util-buffer.h"
37		#include "util-debug.h"
38		#include "util-byte.h"
39
40		#include "output.h"
41		#include "output-json.h"
42
43		#include "app-layer.h"
44		#include "app-layer-parser.h"
45
46		#include "app-layer-snmp.h"
47		#include "output-json-snmp.h"
48
49		#include "rust.h"
50
51		static int JsonSNMPLogger(ThreadVars tv, void thread_data,
52		const Packet p, Flow f, void state, void tx, uint64_t tx_id)
53	10.5k	{
54	10.5k	SNMPTransaction *snmptx = tx;
55	10.5k	OutputJsonThreadCtx *thread = thread_data;
56
57	10.5k	JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "snmp", NULL, thread->ctx);
58	10.5k	if (unlikely(jb == NULL)) {
59	0	return TM_ECODE_FAILED;
60	0	}
61
62	10.5k	jb_open_object(jb, "snmp");
63	10.5k	if (!rs_snmp_log_json_response(jb, snmptx)) {
64	0	goto error;
65	0	}
66	10.5k	jb_close(jb);
67
68	10.5k	OutputJsonBuilderBuffer(jb, thread);
69
70	10.5k	jb_free(jb);
71	10.5k	return TM_ECODE_OK;
72
73	0	error:
74	0	jb_free(jb);
75	0	return TM_ECODE_FAILED;
76	10.5k	}
77
78		static OutputInitResult OutputSNMPLogInitSub(ConfNode *conf,
79		OutputCtx *parent_ctx)
80	2	{
81	2	AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_SNMP);
82	2	return OutputJsonLogInitSub(conf, parent_ctx);
83	2	}
84
85		void JsonSNMPLogRegister(void)
86	33	{
87		/* Register as an eve sub-module. */
88	33	OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonSNMPLog", "eve-log.snmp",
89	33	OutputSNMPLogInitSub, ALPROTO_SNMP, JsonSNMPLogger, JsonLogThreadInit,
90	33	JsonLogThreadDeinit, NULL);
91
92	33	SCLogDebug("SNMP JSON logger registered.");
93	33	}

Coverage Report

Created: 2026-02-14 06:42