diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf index 2cca365..25a0593 100644 --- a/bin/tsg_log_field.conf +++ b/bin/tsg_log_field.conf @@ -4,8 +4,11 @@ TOPIC SECURITY-EVENT-LOG 0 TOPIC SECURITY-EVENT-LOG 1 TOPIC CONNECTION-RECORD-LOG 2 TOPIC CONNECTION-SKETCH 3 -TOPIC INTERNAL-RTP-LOG 4 +TOPIC INTERNAL-RTP-LOG 4 TOPIC VOIP-RECORD-LOG 5 +TOPIC LIVE-SESSION-RECORD-LOG 6 +TOPIC TRANSACTION-RECORD-LOG 7 +TOPIC GTPC-RECORD-LOG 8 #TYPE FIELD VALUE LONG common_policy_id 1 @@ -53,11 +56,11 @@ STRING common_server_location 42 STRING quic_sni 43 STRING ssl_ja3_hash 44 STRING common_data_center 45 -STRING common_l7_protocol 46 +STRING common_l7_protocol 46 STRING common_tcp_client_isn 47 STRING common_tcp_server_isn 48 LONG common_app_surrogate_id 49 -STRING sip_from 50 +STRING sip_from 50 STRING sip_to 51 STRING common_tunnels 52 STRING tunnels_schema_type 53 @@ -66,15 +69,19 @@ STRING gtp_pgw_ip 55 STRING gtp_sgw_port 56 STRING gtp_pgw_port 57 STRING gtp_uplink_teid 58 -STRING gtp_downlink_teid 59 +STRING gtp_downlink_teid 59 STRING mpls_c2s_direction_label 60 STRING mpls_s2c_direction_label 61 -STRING vlan_c2s_direction_id 62 -STRING vlan_s2c_direction_id 63 -STRING source 64 -STRING destination 65 -STRING client_ip 66 -STRING server_ip 67 -STRING c2s_id 68 -STRING s2c_id 69 -STRING common_service_category 70 +STRING vlan_c2s_direction_id 62 +STRING vlan_s2c_direction_id 63 +STRING source_mac 64 +STRING destination_mac 65 +STRING c2s_source_mac 66 +STRING c2s_destination_mac 67 +STRING s2c_source_mac 68 +STRING s2c_destination_mac 69 +STRING client_ip 70 +STRING server_ip 71 +STRING c2s_id 72 +STRING s2c_id 73 +STRING common_service_category 74 diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 71b3e40..7a4d786 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -1074,6 +1074,8 @@ static int identify_application_protocol(const struct streaminfo *a_stream, stru { context->proto=PROTO_SIP; } + + return 1; } break; default: 
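Review bot: In the src/tsg_entry.cpp hunk, the added `return 1;` sits after the closing brace of the block that assigns `context->proto=PROTO_SIP`, so it appears to run whether or not that assignment happened, and it leaves the following `break;` unreachable. If the return value means "protocol identified", the return belongs inside that block: `{ context->proto=PROTO_SIP; return 1; }`. If returning unconditionally from this case is intended, a short comment saying why would help, since the classification result presumably drives which policy and log path the stream takes. The condition guarding the assignment and the rest of identify_application_protocol are outside the hunk, so this should be checked against the full function.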
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index ed4f104..c7de8bc 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -474,34 +474,50 @@ static int mac_to_string(unsigned char *mac, char *buff) static int set_link_mac(struct tsg_log_instance_t *_instance, struct layer_addr_mac *mac, cJSON *tunnel_object) { - char buff[128]={0}; - cJSON *mac_object=NULL; + int flag=0; char default_mac[6]={0,0,0,0,0,0}; + char c2s_source_mac[128]={0}; + char c2s_dest_mac[128]={0}; + char s2c_source_mac[128]={0}; + char s2c_dest_mac[128]={0}; if((memcmp(mac->src_addr.h_source, default_mac, 6))) { - mac_object=cJSON_CreateObject(); - mac_to_string(mac->src_addr.h_source, buff); - cJSON_AddStringToObject(mac_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_SOURCE].name, buff); - - mac_to_string(mac->src_addr.h_dest, buff); - cJSON_AddStringToObject(mac_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_DEST].name, buff); - - cJSON_AddItemToObject(tunnel_object, "c2s_direction_mac", mac_object); + flag|=1; + mac_to_string(mac->src_addr.h_source, c2s_source_mac); + mac_to_string(mac->src_addr.h_dest, c2s_dest_mac); } if((memcmp(mac->dst_addr.h_source, default_mac, 6))) { - mac_object=cJSON_CreateObject(); - mac_to_string(mac->dst_addr.h_source, buff); - cJSON_AddStringToObject(mac_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_SOURCE].name, buff); - - mac_to_string(mac->dst_addr.h_dest, buff); - cJSON_AddStringToObject(mac_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_DEST].name, buff); - - cJSON_AddItemToObject(tunnel_object, "s2c_direction_mac", mac_object); + flag|=2; + mac_to_string(mac->dst_addr.h_source, s2c_source_mac); + mac_to_string(mac->dst_addr.h_dest, s2c_dest_mac); } + switch(flag) + { + case 1: + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "ETHERNET"); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_SOURCE].name, c2s_source_mac); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_DEST].name, c2s_dest_mac); + break; + case 2: + 
cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "ETHERNET"); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_SOURCE].name, s2c_source_mac); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_MAC_DEST].name, s2c_dest_mac); + break; + case 3: + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "MULTIPATH_ETHERNET"); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_C2S_MAC_SOURCE].name, c2s_source_mac); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_C2S_MAC_DEST].name, c2s_dest_mac); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_S2C_MAC_SOURCE].name, s2c_source_mac); + cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_S2C_MAC_DEST].name, s2c_dest_mac); + break; + default: + break; + } + return 1; } @@ -655,7 +671,6 @@ static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h { case ADDR_TYPE_MAC: tunnel_object=cJSON_CreateObject(); - cJSON_AddStringToObject(tunnel_object, _instance->id2field[LOG_COMMON_TUNNELS_SCHEMA_TYPE].name, "ETHERNET"); set_link_mac(_instance, (ptmp->addr.mac), tunnel_object); break; case ADDR_TYPE_VLAN: diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h index 28f52a5..a662db5 100644 --- a/src/tsg_send_log_internal.h +++ b/src/tsg_send_log_internal.h @@ -91,6 +91,10 @@ typedef enum _tsg_log_field_id LOG_COMMON_TUNNELS_VLAN_DST_ID, LOG_COMMON_TUNNELS_MAC_SOURCE, LOG_COMMON_TUNNELS_MAC_DEST, + LOG_COMMON_TUNNELS_C2S_MAC_SOURCE, + LOG_COMMON_TUNNELS_C2S_MAC_DEST, + LOG_COMMON_TUNNELS_S2C_MAC_SOURCE, + LOG_COMMON_TUNNELS_S2C_MAC_DEST, LOG_COMMON_TUNNELS_CLIENT_IP, LOG_COMMON_TUNNELS_SERVER_IP, LOG_COMMON_TUNNELS_PPTP_C2S_ID,
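Review bot: In set_link_mac, when neither `h_source` differs from `default_mac`, `flag` stays 0 and the `default:` branch adds nothing. The same commit removes the unconditional "ETHERNET" schema-type add from the `ADDR_TYPE_MAC` case of set_common_tunnels, so the freshly created `tunnel_object` is left without a schema type. Because set_link_mac still returns 1 on that path, the caller cannot tell; `default: return 0;` together with a check in the caller (`cJSON_Delete(tunnel_object)` and skip the entry) would keep such objects out of the log, though what the caller does with the object after the switch is outside the hunk. Separately, `case 1` and `case 2` write the same two keys under the same "ETHERNET" type, so a record with one direction no longer says whether the MAC pair came from the c2s or the s2c side, which the removed `c2s_direction_mac`/`s2c_direction_mac` keys did. Named constants for the flag bits would also read better than the bare 1/2/3.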
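Review bot: In src/tsg_send_log_internal.h the four new members are inserted in the middle of `_tsg_log_field_id`, which shifts the numeric value of `LOG_COMMON_TUNNELS_CLIENT_IP` and every member after it by four. The same commit renumbers `client_ip` through `common_service_category` from 66–70 to 70–74 in bin/tsg_log_field.conf, so the enum and the conf file appear to be coupled by position. A binary deployed with an older conf would then presumably attach the wrong key names to tunnel fields without any error, which is hard to notice in log data after the fact. A comment on the enum such as `/* values must match the IDs in bin/tsg_log_field.conf */` would document the coupling, and a load-time check that every id in `id2field` received a name would catch a mismatch. The enum begins and ends outside the hunk.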