From a2659ed7ec648ae2fe269335a76766852e915076 Mon Sep 17 00:00:00 2001
From: Mats Klepsland
Date: Fri, 13 Jan 2017 11:46:59 +0100
Subject: [PATCH] output-json-flow: add has_alerts field

Add has_alerts field to flow eve-log to indicate if a flow has any alerts or not.
---
 src/output-json-flow.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index cf65c51da2..e2d7c1b5c2 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -261,6 +261,8 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
 json_object_set_new(hjs, "reason", json_string(reason));
+ json_object_set_new(hjs, "alerted", json_boolean(FlowHasAlerts(f)));
+
 json_object_set_new(js, "flow", hjs);
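Review bot: The key written by the added line is `"alerted"`, while the commit subject and description both name the field `has_alerts`, so the eve-log schema and its description disagree. Parsers and SIEM rules that filter flow records on this boolean will be written against whichever name is documented, so either the key or the commit text should change before this lands. If `"alerted"` is the intended name, a one-line comment above the call would help, for example `/* true if at least one alert was raised on this flow */`. That wording should be confirmed against FlowHasAlerts(), which is defined outside this hunk. JsonFlowLogJSON's body also starts and ends outside the hunk.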