+ cJSON *root;
+ char *json_string;
+ root = cJSON_CreateObject();
+
+ // Data guaranteed to be there
+ cJSON_AddNumberToObject(root, "crit", al_data->level);
+ cJSON_AddNumberToObject(root, "id", al_data->rule);
+ cJSON_AddStringToObject(root, "component", al_data->location);
+
+ // Rule Meta Data
+ if (al_data->group) cJSON_AddStringToObject(root, "classification", al_data->group);
+ if (al_data->comment) cJSON_AddStringToObject(root, "description", al_data->comment);
+
+ // Raw log message generating event
+ if (al_data->log && al_data->log[0])
+ cJSON_AddStringToObject(root, "message", al_data->log[0]);
+
+ // Add data if it exists
+ if (al_data->user) cJSON_AddStringToObject(root, "acct", al_data->user);
+ if (al_data->srcip) cJSON_AddStringToObject(root, "src_ip", al_data->srcip);
+ if (al_data->srcport) cJSON_AddNumberToObject(root, "src_port", al_data->srcport);
+ if (al_data->dstip) cJSON_AddStringToObject(root, "dst_ip", al_data->dstip);
+ if (al_data->dstport) cJSON_AddNumberToObject(root, "dst_port", al_data->dstport);
+ if (al_data->filename) cJSON_AddStringToObject(root, "file", al_data->filename);
+ if (al_data->old_md5) cJSON_AddStringToObject(root, "md5_old", al_data->old_md5);
+ if (al_data->new_md5) cJSON_AddStringToObject(root, "md5_new", al_data->new_md5);
+ if (al_data->old_sha1) cJSON_AddStringToObject(root, "sha1_old", al_data->old_sha1);
+ if (al_data->new_sha1) cJSON_AddStringToObject(root, "sha1_new", al_data->new_sha1);
+#ifdef GEOIP
+ if (al_data->geoipdatasrc) cJSON_AddStringToObject(root, "src_city", al_data->geoipdatasrc);
+ if (al_data->geoipdatadst) cJSON_AddStringToObject(root, "dst_city", al_data->geoipdatadst);
+#endif
+
+ // Create the JSON String
+ json_string = cJSON_PrintUnformatted(root);
+
+ // Create the syslog message