aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

drop json: add sids (if applicable)

Browse Source 
If a drop is caused by a SID match, add it to the drop record.
pull/1365/head
Victor Julien 11 years ago
parent 8a97bb0d04
commit 6b172bb010
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File

15
src/output-json-drop.c
Unescape Escape View File

@ -44,6 +44,7 @@
#include "output.h" #include "output.h"
#include "output-json.h" #include "output-json.h"
#include "output-json-alert.h"
#include "util-unittest.h" #include "util-unittest.h"
#include "util-unittest-helper.h" #include "util-unittest-helper.h"
@ -133,6 +134,20 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
break; break;
} }
json_object_set_new(js, "drop", djs); json_object_set_new(js, "drop", djs);
int i;
for (i = 0; i < p->alerts.cnt; i++) {
const PacketAlert *pa = &p->alerts.alerts[i];
if (unlikely(pa->s == NULL)) {
continue;
}
if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
((pa->action & ACTION_DROP) && EngineModeIsIPS()))
{
AlertJsonHeader(pa, js);
}
}
OutputJSONBuffer(js, aft->file_ctx, buffer); OutputJSONBuffer(js, aft->file_ctx, buffer);
json_object_del(js, "drop"); json_object_del(js, "drop");
json_object_clear(js); json_object_clear(js);

Write Preview
Loading…
Cancel
Save