diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 7a03c7d..9d0b357 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -233,13 +233,13 @@ char *tsg_schema_index2string(tsg_protocol_t proto)
 schema_field_value=(char *)"SSH";
 break;
 case PROTO_IMAP:
- schema_field_value=(char *)"MAIL";
+ schema_field_value=(char *)"IMAP";
 break;
 case PROTO_POP3:
- schema_field_value=(char *)"MAIL";
+ schema_field_value=(char *)"POP3";
 break;
 case PROTO_SMTP:
- schema_field_value=(char *)"MAIL";
+ schema_field_value=(char *)"SMTP";
 break;
 default:
 break;
@@ -261,7 +261,15 @@ static int master_send_log(struct streaminfo *a_stream, struct Maat_rule_t *p_re
 {
 schema_field_name=log_field_id2name(g_tsg_log_instance, LOG_COMMON_SCHAME_TYPE);
- schema_field_value=tsg_schema_index2string(identify_info->proto);
+ if(identify_info->proto==PROTO_IMAP || identify_info->proto==PROTO_SMTP || identify_info->proto==PROTO_POP3)
+ {
+ schema_field_value=tsg_schema_index2string(PROTO_MAIL);
+ }
+ else
+ {
+ schema_field_value=tsg_schema_index2string(identify_info->proto);
+ }
+
 if(schema_field_value!=NULL)
 {
 TLD_append(TLD_handle, schema_field_name, (void *)schema_field_value, TLD_TYPE_STRING);
diff --git a/src/tsg_send_log.cpp b/src/tsg_send_log.cpp
index 4aa160a..5991fa5 100644
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
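Review bot: The new branch in master_send_log relies on `tsg_schema_index2string(PROTO_MAIL)` returning "MAIL", but no `case PROTO_MAIL:` is visible in the switch of the first hunk now that the IMAP, POP3 and SMTP cases return their own names. If that case is missing, the call falls through to `default:` and the schema-type field is probably omitted for every mail session, because the following `if(schema_field_value!=NULL)` skips the append. Confirm the case exists, or add `case PROTO_MAIL: schema_field_value=(char *)"MAIL"; break;` next to the three changed cases. Any other caller of tsg_schema_index2string now receives IMAP/POP3/SMTP where it used to receive MAIL, so log consumers that match on "MAIL" should be told about the change. Both functions start and end outside these hunks.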
@@ -139,6 +139,24 @@ struct TLD_handle_t *TLD_create(int thread_id)
 return _handle;
 }
+static int set_l7_protocol(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
+{
+ char *l7_protocol=NULL;
+ struct _basic_proto_label *l7_proto_label=NULL;
+
+ l7_proto_label=(struct _basic_proto_label *)project_req_get_struct(a_stream, _instance->l7_proto_project_id);
+ if(l7_proto_label!=NULL && l7_proto_label->proto_id!=_instance->mail_proto_id)
+ {
+ l7_protocol=tsg_l7_protocol_id2name(_instance, l7_proto_label->proto_id);
+ if(l7_protocol!=NULL)
+ {
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)l7_protocol, TLD_TYPE_STRING);
+ return 1;
+ }
+ }
+
+ return 0;
+}
 char *log_field_id2name(struct tsg_log_instance_t *instance, tsg_log_field_id_t id)
 {
@@ -201,24 +219,17 @@ static int set_common_sub_action(struct TLD_handle_t *handle, char *field_name,
 int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
 char buff[1024]={0};
+ int l7_protocol_flag=0;
 char *l7_protocol=NULL;
- struct _basic_proto_label *l7_proto_label=NULL;
 struct _location_info_t *location=NULL;
 struct _session_attribute_label_t *internal_label=NULL;
+ l7_protocol_flag=set_l7_protocol(_instance, _handle, a_stream);
+
 internal_label=(struct _session_attribute_label_t *)project_req_get_struct(a_stream, _instance->internal_project_id);
 if(internal_label!=NULL)
- {
- l7_proto_label=(struct _basic_proto_label *)project_req_get_struct(a_stream, _instance->l7_proto_project_id);
- if(l7_proto_label!=NULL)
- {
- l7_protocol=tsg_l7_protocol_id2name(_instance, l7_proto_label->proto_id);
- if(l7_protocol!=NULL)
- {
- TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)l7_protocol, TLD_TYPE_STRING);
- }
- }
- else
+ {
+ if(l7_protocol_flag==0)
 {
 l7_protocol=tsg_schema_index2string(internal_label->proto);
 if(l7_protocol!=NULL)
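Review bot: set_l7_protocol has no comment stating its contract, yet set_common_field_from_label uses its return value to decide whether a fallback L7 protocol is written. I would add above the function `/* Appends LOG_COMMON_L7_PROTOCOL from the stream's L7 label. Returns 1 if the field was written; 0 if the label is absent, has no name, or equals mail_proto_id. */`. The comparison with `_instance->mail_proto_id` also needs a one-line why-comment, because nothing in the hunk says why the generic mail label is skipped (presumably so the caller can pick a more specific name from the session label).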
@@ -266,7 +277,10 @@ int set_common_field_from_label(struct tsg_log_instance_t *_instance, struct TLD
 }
 else
 {
- TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)"UNCATEGORIZED", TLD_TYPE_STRING);
+ if(l7_protocol_flag==0)
+ {
+ TLD_append(_handle, _instance->id2field[LOG_COMMON_L7_PROTOCOL].name, (void *)"UNCATEGORIZED", TLD_TYPE_STRING);
+ }
 }
 return 0;
@@ -555,6 +569,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile)
 MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30);
 MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog");
+ MESA_load_profile_int_def(conffile, "TSG_LOG", "MAIL_PROTOCOL_ID",&(_instance->mail_proto_id), 110);
 _instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level);
 if(_instance->logger==NULL)
diff --git a/src/tsg_send_log_internal.h b/src/tsg_send_log_internal.h
index 4f3a60d..4a765c4 100644
--- a/src/tsg_send_log_internal.h
+++ b/src/tsg_send_log_internal.h
@@ -92,6 +92,7 @@ struct tsg_log_instance_t
 {
 int mode;
 int level;
+ int mail_proto_id;
 int max_service;
 int recovery_interval;
 int l7_proto_project_id;
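Review bot: A stream whose L7 label equals `mail_proto_id` but which has no session label still reaches this `else` branch (it appears to be the `internal_label==NULL` path) with `l7_protocol_flag==0`, so it is logged as "UNCATEGORIZED" even though the label classified it as mail. set_l7_protocol returns 0 both when there is no label and when the label is the generic mail id, so the caller cannot tell the two apart. In a traffic log used for detection or forensics this hides mail sessions in the uncategorized bucket. Consider a distinct return value for the mail case and appending the label's own name from `tsg_l7_protocol_id2name` here before falling back to "UNCATEGORIZED". The function body starts outside this hunk.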
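Review bot: The default `110` for MAIL_PROTOCOL_ID in tsg_sendlog_init is an unexplained literal, and the loaded value is used without any check. It presumably has to match the id that the L7 labelling component assigns to generic mail; a stale or mistyped value silently changes which name ends up in LOG_COMMON_L7_PROTOCOL. I would name the default, for example `#define DEFAULT_MAIL_PROTOCOL_ID 110`, with a comment saying which id table it comes from, and write the effective value to the runtime log once the logger handle has been created. tsg_sendlog_init continues outside the hunk.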