authorEric Leblond <eric@regit.org>2014-01-26 22:21:42 +0100
committerEric Leblond <eric@regit.org>2014-01-28 23:06:19 +0100
commit0d213c1f1de63a016bcd730106e3aea83439c388 (patch)
treecdb0b67ea184f9601c8b3e7886fc693e6c995d69 /filter
parent5ebf1795c064cdde5ddaf66a263f532030317dd5 (diff)
store Common Information Model name in ulogd key
This patch adds storage for CIM field name in ulogd key. This will be used by JSON output to interoperate with logging collectors such as logstash or splunk. Common Information Model is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them: http://www.dmtf.org/standards/cim This seems to be mainly XML based but there is a JSON version of some aspects of the model. One of the main documentation on CIM in JSON format seems to be: http://docs.splunk.com/Documentation/PCI/2.0/DataSource/CommonInformationModelFieldReference Using the correct CIM field name allows events coming from ulogd to be correlated with events coming from other sources.
Diffstat (limited to 'filter')
-rw-r--r--filter/raw2packet/ulogd_raw2packet_BASE.c10
-rw-r--r--filter/ulogd_filter_IP2STR.c4
2 files changed, 12 insertions, 2 deletions
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 8dfe38e..c9d5227 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -259,6 +259,7 @@ static struct ulogd_key iphdr_rets[] = {
.vendor = IPFIX_VENDOR_IETF,
.field_id = IPFIX_tcpSourcePort,
},
+ .cim_name = "src_port",
},
[KEY_TCP_DPORT] = {
.type = ULOGD_RET_UINT16,
@@ -268,6 +269,7 @@ static struct ulogd_key iphdr_rets[] = {
.vendor = IPFIX_VENDOR_IETF,
.field_id = IPFIX_tcpDestinationPort,
},
+ .cim_name = "dest_port",
},
[KEY_TCP_SEQ] = {
.type = ULOGD_RET_UINT32,
@@ -368,6 +370,7 @@ static struct ulogd_key iphdr_rets[] = {
.vendor = IPFIX_VENDOR_IETF,
.field_id = IPFIX_udpSourcePort,
},
+ .cim_name = "src_port",
},
[KEY_UDP_DPORT] = {
.type = ULOGD_RET_UINT16,
@@ -377,6 +380,7 @@ static struct ulogd_key iphdr_rets[] = {
.vendor = IPFIX_VENDOR_IETF,
.field_id = IPFIX_udpDestinationPort,
},
+ .cim_name = "dest_port",
},
[KEY_UDP_LEN] = {
.type = ULOGD_RET_UINT16,
@@ -512,12 +516,14 @@ static struct ulogd_key iphdr_rets[] = {
[KEY_SCTP_SPORT] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
- .name = "sctp.sport",
+ .name = "sctp.sport",
+ .cim_name = "src_port",
},
[KEY_SCTP_DPORT] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
- .name = "sctp.dport",
+ .name = "sctp.dport",
+ .cim_name = "dest_port",
},
[KEY_SCTP_CSUM] = {
.type = ULOGD_RET_UINT32,
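Review bot: The `.name = "sctp.sport"` and `.name = "sctp.dport"` lines in the last hunk are removed and re-added with text that renders identically, so the only difference is presumably whitespace (tab/space or trailing blanks); that churn should be dropped from this patch or moved to a separate cleanup commit so the CIM change stays minimal and reviewable. The four earlier hunks (tcpSourcePort, tcpDestinationPort, udpSourcePort, udpDestinationPort) add only the new `.cim_name` member and look correct. The `cim_name` values are string literals stored in a static key table, so they outlive any plugin instance; the struct member itself is declared in a header outside this 'filter'-limited diffstat, and it is worth confirming there that it is a `const char *` so no output plugin is tempted to write through it.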
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 44157fe..732e1ef 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -102,18 +102,22 @@ static struct ulogd_key ip2str_keys[] = {
{
.type = ULOGD_RET_STRING,
.name = "ip.saddr.str",
+ .cim_name = "src_ip",
},
{
.type = ULOGD_RET_STRING,
.name = "ip.daddr.str",
+ .cim_name = "dest_ip",
},
{
.type = ULOGD_RET_STRING,
.name = "orig.ip.saddr.str",
+ .cim_name = "src_ip",
},
{
.type = ULOGD_RET_STRING,
.name = "orig.ip.daddr.str",
+ .cim_name = "dest_ip",
},
{
.type = ULOGD_RET_STRING,
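Review bot: The same CIM name is assigned to two distinct output keys in this hunk: `ip.saddr.str` and `orig.ip.saddr.str` both get `.cim_name = "src_ip"`, and `ip.daddr.str` and `orig.ip.daddr.str` both get `"dest_ip"`. A consumer that emits or correlates by cim_name can no longer distinguish the packet address from the conntrack original-direction address, and if both keys were ever valid in the same event a JSON object would carry duplicate member names. This is presumably safe only because the two sources never appear together; a comment on the `orig.*` entries such as `/* shares CIM name with ip.saddr.str: only one of the two is valid per event */` would record that assumption, or the JSON output could skip a key whose cim_name has already been written for the current event. The key that begins at the end of the hunk is cut off, so whether the remaining entries receive a cim_name cannot be judged here.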