utoni / nDPId

Tiny nDPI based deep packet inspection daemons / toolkit.
GNU General Public License v3.0

Having hostname in EVENT_FLOW_END json output? #24

Open fateme81 opened 1 year ago

fateme81 commented 1 year ago

We have host_server_name as a field of the EVENT_FLOW_DETECTED log. How can we bring it into EVENT_FLOW_END?

utoni commented 1 year ago

You need to store the host server name in the current flow.

For the C API: You need to reserve some user flow memory during socket init. In the JSON callback you may then access your memory via nDPIsrvd's flow struct.

For the Python API: You may use the current flow in the JSON callback and add the information you'll need. This information will be available as long as the flow does not end or time out.
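Added example, not part of the thread and not nDPId's own code: a stand-alone sketch of the per-flow storage described above, using a plain dict in place of the flow object the real API passes to the JSON callback. The keys `flow_event_name`, `flow_id`, `alias`, `source`, `thread_id`, the nested `ndpi` object and the event names are assumptions; only `host_server_name` is taken from the question.

```python
import json

HOST_KEY = "host_server_name"                        # field named in the question
CARRY = {"detected", "detection-update", "guessed"}  # assumed event names
FINAL = {"end", "idle"}                              # assumed: normal end and timeout


def find_host(event):
    """Return the hostname from the top level or a nested "ndpi" object (assumed)."""
    ndpi = event.get("ndpi")
    nested = ndpi.get(HOST_KEY) if isinstance(ndpi, dict) else None
    return event.get(HOST_KEY) or nested


class FlowHostCache:
    """Per-flow memory: a plain dict standing in for the flow object of the real API."""

    def __init__(self):
        self.hosts = {}

    def handle(self, event):
        name, flow_id = event.get("flow_event_name"), event.get("flow_id")
        if name is None or flow_id is None:
            return event  # not a flow event, pass through untouched
        # flow_id alone may repeat across sources/threads; the extra keys are assumed.
        key = (event.get("alias"), event.get("source"), event.get("thread_id"), flow_id)
        host = find_host(event)
        if name in CARRY and host:
            self.hosts[key] = host
        elif name in FINAL:
            cached = self.hosts.pop(key, None)  # always free state when the flow is gone
            if cached and not host:
                event = {**event, HOST_KEY: cached}
        return event


# Constructed sample events, not captured nDPId output.
SAMPLE_LINES = [
    '{"flow_event_name": "new", "flow_id": 1}',
    '{"flow_event_name": "detected", "flow_id": 1, "host_server_name": "example.org"}',
    '{"flow_event_name": "new", "flow_id": 2}',
    '{"flow_event_name": "end", "flow_id": 1}',
    '{"flow_event_name": "idle", "flow_id": 2}',
]


def run(lines):
    cache = FlowHostCache()
    return [cache.handle(json.loads(line)) for line in lines], cache


if __name__ == "__main__":
    for event in run(SAMPLE_LINES)[0]:
        print(json.dumps(event))
```

Flow 2 never produced a detection event, so its final event is passed through without a hostname, and both flows are removed from the cache once they end or time out.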