diff --git a/bin/ipfix_conf.json b/bin/ipfix_conf.json index ba00e2d..06a23e0 100644 --- a/bin/ipfix_conf.json +++ b/bin/ipfix_conf.json @@ -93,14 +93,6 @@ "SSH_elements" ] }, - { - "template_id": 268, - "template_name": "BGP", - "elements":[ - "BASE_elements", - "BGP_elements" - ] - }, { "template_id": 269, "template_name": "RDP", @@ -535,6 +527,16 @@ "element_name": "ssl_ja3s_fingerprint", "element_type": "string", "element_id": 132 + }, + { + "element_name": "ssl_esni_flag", + "element_type": "unsigned8", + "element_id": 228 + }, + { + "element_name": "ssl_ech_flag", + "element_type": "unsigned8", + "element_id": 229 } ], "HTTP_elements": [ @@ -580,7 +582,7 @@ }, { "element_name": "http_request_content_length", - "element_type": "string", + "element_type": "unsigned32", "element_id": 82 }, { @@ -590,7 +592,7 @@ }, { "element_name": "http_response_content_length", - "element_type": "string", + "element_type": "unsigned32", "element_id": 84 }, { @@ -607,6 +609,21 @@ "element_name": "http_version", "element_type": "string", "element_id": 87 + }, + { + "element_name": "http_status_code", + "element_type": "unsigned32", + "element_id": 230 + }, + { + "element_name": "http_response_latency_ms", + "element_type": "unsigned32", + "element_id": 231 + }, + { + "element_name": "http_session_duration_ms", + "element_type": "unsigned32", + "element_id": 232 } ], "MAIL_elements": [ @@ -1026,18 +1043,6 @@ "element_id": 178 } ], - "BGP_elements": [ - { - "element_name": "bgp_message_type", - "element_type": "string", - "element_id": 207 - }, - { - "element_name": "bgp_messages", - "element_type": "string", - "element_id": 208 - } - ], "RDP_elements": [ { "element_name": "rdp_cookie", @@ -1091,7 +1096,7 @@ }, { "element_name": "rdp_certificate_type", - "element_type": "unsigned32", + "element_type": "string", "element_id": 223 }, { @@ -1101,7 +1106,7 @@ }, { "element_name": "rdp_certificate_permanent", - "element_type": "string", + "element_type": "unsigned32", "element_id": 225 }, { @@ -1121,7 +1126,7 @@ "Stratum_elements": [ { "element_name": "stratum_cryptocurrency", - "element_type": "unsigned32", + "element_type": "string", "element_id": 209 }, { diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 89d8f43..64e4fac 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -2266,6 +2266,14 @@ static int tsg_send_ipfix_message(struct TLD_handle_t *_handle, int thread_id) int64_t value = iter->value.GetInt64(); ipfix_message_append(message, iter->name.GetString(), iter->name.GetStringLength(), (char *)&(value), sizeof(int64_t)); } + else if (iter->value.GetType() == rapidjson::kObjectType || iter->value.GetType() == rapidjson::kArrayType) + { + StringBuffer sb(0, 128); + Writer writer(sb); + iter->value.Accept(writer); + + ipfix_message_append(message, iter->name.GetString(), iter->name.GetStringLength(), (char *)sb.GetString(), sb.GetSize()); + } } ipfix_message_send(g_tsg_log_instance->ipfix_instance, message, (uint16_t)thread_id);