multi-detect: add tenant id to alert json output

Add a integer field "tenant_id" to the JSON alert output.
11 years ago · 8673801ea3
parent f4c9915066
commit 8673801ea3
3 changed files with 11 additions and 5 deletions
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@ -159,7 +159,7 @@ static void AlertJsonSsh(const Flow *f, json_t *js)
    return;
 }
-void AlertJsonHeader(const PacketAlert *pa, json_t *js)
+void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
 {
    char *action = "allowed";
    if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
@ -187,6 +187,9 @@ void AlertJsonHeader(const PacketAlert *pa, json_t *js)
    if (pa->flags & PACKET_ALERT_FLAG_TX)
        json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
    if (p->tenant_id > 0)
        json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
    /* alert */
    json_object_set_new(js, "alert", ajs);
 }
@ -214,7 +217,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
        MemBufferReset(aft->json_buffer);
        /* alert */
-        AlertJsonHeader(pa, js);
+        AlertJsonHeader(p, pa, js);
        if (json_output_ctx->flags & LOG_JSON_HTTP) {
            if (p->flow != NULL) {
@ -431,6 +434,9 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
                            json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
        json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
        if (p->tenant_id > 0)
            json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
        /* alert */
        json_object_set_new(js, "alert", ajs);
        OutputJSONBuffer(js, aft->file_ctx, buffer);
--- a/src/output-json-alert.h
+++ b/src/output-json-alert.h
@ -29,7 +29,7 @@
 void TmModuleJsonAlertLogRegister (void);
 #ifdef HAVE_LIBJANSSON
-void AlertJsonHeader(const PacketAlert *pa, json_t *js);
+void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js);
 #endif /* HAVE_LIBJANSSON */
 #endif /* __OUTPUT_JSON_ALERT_H__ */
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@ -152,14 +152,14 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
            if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
               ((pa->action & ACTION_DROP) && EngineModeIsIPS()))
            {
-                AlertJsonHeader(pa, js);
+                AlertJsonHeader(p, pa, js);
                logged = 1;
            }
        }
        if (logged == 0) {
            if (p->alerts.drop.action != 0) {
                const PacketAlert *pa = &p->alerts.drop;
-                AlertJsonHeader(pa, js);
+                AlertJsonHeader(p, pa, js);
            }
        }
    }