From 6b172bb0103d723574640b53c24f4b00d35a0df3 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 20 Oct 2014 14:02:20 +0200
Subject: [PATCH] drop json: add sids (if applicable)

If a drop is caused by a SID match, add it to the drop record.
---
 src/output-json-drop.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index 19a4f07119..1474517b6e 100644
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -44,6 +44,7 @@
 #include "output.h"
 #include "output-json.h"
+#include "output-json-alert.h"
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -133,6 +134,20 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
 break;
 }
 json_object_set_new(js, "drop", djs);
+
+ int i;
+ for (i = 0; i < p->alerts.cnt; i++) {
+ const PacketAlert *pa = &p->alerts.alerts[i];
+ if (unlikely(pa->s == NULL)) {
+ continue;
+ }
+ if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
+ ((pa->action & ACTION_DROP) && EngineModeIsIPS()))
+ {
+ AlertJsonHeader(pa, js);
+ }
+ }
+
 OutputJSONBuffer(js, aft->file_ctx, buffer);
 json_object_del(js, "drop");
 json_object_clear(js);
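Review bot: The new loop in DropLogJSON calls `AlertJsonHeader(pa, js)` on the same `js` object for every alert that passes the action filter, so a packet with more than one dropping or rejecting signature produces a record whose content depends on how that helper writes its keys, which this hunk does not show. If the helper sets a fixed key, each call would replace the previous one and the drop record would name only the last matching signature, which weakens attribution when an analyst traces a drop back to a rule. Either stop at the first match with `break;` after the call, or make the intent explicit with a comment above the loop such as `/* attach the signature behind this drop; ACTION_DROP only counts when the engine runs in IPS mode */`. The function body starts and ends outside the hunk.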