From 2290821e0310cedd17ac80045365a8c23ab61f6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E7=8E=89=E6=B3=A2?= Date: Wed, 13 Sep 2023 10:59:50 +0000 Subject: [PATCH] =?UTF-8?q?TSG-17051:=E6=9B=B4=E6=96=B0=E6=A8=A1=E6=9D=BF?= =?UTF-8?q?=E6=96=87=E4=BB=B6ipfix=5Fconf.json,=E5=A2=9E=E5=8A=A0object?= =?UTF-8?q?=E3=80=81array=E7=B1=BB=E5=9E=8B=E5=AD=97=E6=AE=B5=E7=9A=84?= =?UTF-8?q?=E5=A4=84=E7=90=86=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bin/ipfix_conf.json | 55 ++++++++++++++++++++++++-------------------- src/tsg_send_log.cpp | 8 +++++++ 2 files changed, 38 insertions(+), 25 deletions(-) diff --git a/bin/ipfix_conf.json b/bin/ipfix_conf.json index ba00e2d..06a23e0 100644 --- a/bin/ipfix_conf.json +++ b/bin/ipfix_conf.json @@ -93,14 +93,6 @@ "SSH_elements" ] }, - { - "template_id": 268, - "template_name": "BGP", - "elements":[ - "BASE_elements", - "BGP_elements" - ] - }, { "template_id": 269, "template_name": "RDP", @@ -535,6 +527,16 @@ "element_name": "ssl_ja3s_fingerprint", "element_type": "string", "element_id": 132 + }, + { + "element_name": "ssl_esni_flag", + "element_type": "unsigned8", + "element_id": 228 + }, + { + "element_name": "ssl_ech_flag", + "element_type": "unsigned8", + "element_id": 229 } ], "HTTP_elements": [ @@ -580,7 +582,7 @@ }, { "element_name": "http_request_content_length", - "element_type": "string", + "element_type": "unsigned32", "element_id": 82 }, { @@ -590,7 +592,7 @@ }, { "element_name": "http_response_content_length", - "element_type": "string", + "element_type": "unsigned32", "element_id": 84 }, { @@ -607,6 +609,21 @@ "element_name": "http_version", "element_type": "string", "element_id": 87 + }, + { + "element_name": "http_status_code", + "element_type": "unsigned32", + "element_id": 230 + }, + { + "element_name": "http_response_latency_ms", + "element_type": "unsigned32", + "element_id": 231 + }, + { + "element_name": "http_session_duration_ms", + "element_type": "unsigned32", + "element_id": 232 } ], "MAIL_elements": [ @@ -1026,18 +1043,6 @@ "element_id": 178 } ], - "BGP_elements": [ - { - "element_name": "bgp_message_type", - "element_type": "string", - "element_id": 207 - }, - { - "element_name": "bgp_messages", - "element_type": "string", - "element_id": 208 - } - ], "RDP_elements": [ { "element_name": "rdp_cookie", @@ -1091,7 +1096,7 @@ }, { "element_name": "rdp_certificate_type", - "element_type": "unsigned32", + "element_type": "string", "element_id": 223 }, { @@ -1101,7 +1106,7 @@ }, { "element_name": "rdp_certificate_permanent", - "element_type": "string", + "element_type": "unsigned32", "element_id": 225 }, { @@ -1121,7 +1126,7 @@ "Stratum_elements": [ { "element_name": "stratum_cryptocurrency", - "element_type": "unsigned32", + "element_type": "string", "element_id": 209 }, { diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp index 89d8f43..64e4fac 100644 --- a/src/tsg_send_log.cpp +++ b/src/tsg_send_log.cpp @@ -2266,6 +2266,14 @@ static int tsg_send_ipfix_message(struct TLD_handle_t *_handle, int thread_id) int64_t value = iter->value.GetInt64(); ipfix_message_append(message, iter->name.GetString(), iter->name.GetStringLength(), (char *)&(value), sizeof(int64_t)); } + else if (iter->value.GetType() == rapidjson::kObjectType || iter->value.GetType() == rapidjson::kArrayType) + { + StringBuffer sb(0, 128); + Writer writer(sb); + iter->value.Accept(writer); + + ipfix_message_append(message, iter->name.GetString(), iter->name.GetStringLength(), (char *)sb.GetString(), sb.GetSize()); + } } ipfix_message_send(g_tsg_log_instance->ipfix_instance, message, (uint16_t)thread_id);