aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

output/alert: check flag before logging app-layer

Browse Source 
Ticket: 6846
pull/10887/head
Philippe Antoine 12 months ago committed by Victor Julien
parent 910f6af54f
commit 2b4e10224e
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File

14
src/output-json-alert.c
Unescape Escape View File

@ -627,12 +627,14 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
}
if (p->flow != NULL) {
if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
}
/* including fileinfo data is configured by the metadata setting */
if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
AlertAddFiles(p, jb, pa->tx_id);
if (pa->flags & PACKET_ALERT_FLAG_TX) {
if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
}
/* including fileinfo data is configured by the metadata setting */
if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
AlertAddFiles(p, jb, pa->tx_id);
}
}
EveAddAppProto(p->flow, jb);

Write Preview
Loading…
Cancel
Save