log_json
This ihandler submits information about attacks/connections, encoded as JSON.
Warning
This ihandler is in a pre-alpha state and might be changed or removed in the near future.
Configure
flat_data
Set to true to flatten object lists.
handlers
List of URLs to submit the information to. At the moment only file, http and https are supported.
Format
Format of the connection information:
{
    "connection": {
        "local": {
            "address": "<string:local ip address>",
            "port": <integer:local port>
        },
        "protocol": "<string:service name e.g. httpd>",
        "remote": {
            "address": "<string:remote ip address>",
            "port": <integer:remote port>,
            "hostname": "<string:hostname of the remote host>"
        },
        "transport": "<string:transport protocol e.g. tcp or udp>",
        "type": "<string:connection type e.g. accepted, listen, ...>"
    }
}
Example config
# SPDX-FileCopyrightText: none
# SPDX-License-Identifier: CC0-1.0
- name: log_json
  config:
    # Uncomment next line to flatten object lists to work with ELK
    # flat_data: true
    handlers:
      #- http://127.0.0.1:8080/
      - file://@DIONAEA_STATEDIR@/dionaea.json
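A consumer for the connection format documented above, as an added example (not part of dionaea): it validates each record and counts connections per remote address and protocol. It assumes the file handler writes one JSON object per line and skips records without a parseable remote peer; the function names and sample records are constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample records in the documented format (not real data).
# Assumption: the file handler writes one JSON object per line.
SAMPLE = """\
{"connection": {"local": {"address": "192.0.2.10", "port": 445}, "protocol": "smbd", "remote": {"address": "198.51.100.7", "port": 50122, "hostname": ""}, "transport": "tcp", "type": "accepted"}}
{"connection": {"local": {"address": "192.0.2.10", "port": 80}, "protocol": "httpd", "remote": {"address": "198.51.100.7", "port": 50190, "hostname": ""}, "transport": "tcp", "type": "accepted"}}
{"connection": {"local": {"address": "192.0.2.10", "port": 80}, "protocol": "httpd", "remote": {"address": "203.0.113.44", "port": 40111, "hostname": ""}, "transport": "tcp", "type": "accepted"}}
{"connection": {"local": {"address": "192.0.2.10", "port": "80"}, "protocol": "httpd"}}
not json at all
"""


def parse_connection(line):
    """Return the validated "connection" dict, or None if the record is unusable."""
    try:
        conn = json.loads(line)["connection"]
        local, remote = conn["local"], conn["remote"]
        # str() makes non-string addresses (e.g. integers) fail validation.
        ipaddress.ip_address(str(local["address"]))
        ipaddress.ip_address(str(remote["address"]))
        for port in (local["port"], remote["port"]):
            if isinstance(port, bool) or not isinstance(port, int):
                return None
            if not 0 <= port <= 65535:
                return None
        if not all(isinstance(conn[k], str) for k in ("protocol", "transport", "type")):
            return None
    except (ValueError, KeyError, TypeError):
        return None
    return conn


def summarise(lines):
    """Count valid records per (remote address, protocol); tally skipped lines."""
    seen, skipped = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        conn = parse_connection(line)
        if conn is None:
            skipped += 1
        else:
            seen[(conn["remote"]["address"], conn["protocol"])] += 1
    return seen, skipped


if __name__ == "__main__":
    print(summarise(SAMPLE.splitlines()))
```

To run it against real output, pass the open log file to `summarise()` in place of the sample lines.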