eve/alert: add direction field to log data way
Add a key in the event to specify if the data that did
trigger the alert are in to_client or to_server direction.
regit authored and victorjulien committed Oct 3, 2022
1 parent f1300e6 commit a0065f4
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/output-json-alert.c
Expand Up @@ -719,6 +719,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
}

EveAddAppProto(p->flow, jb);

if (p->flowflags & FLOW_PKT_TOSERVER) {
jb_set_string(jb, "direction", "to_server");
} else {
jb_set_string(jb, "direction", "to_client");
}

if (json_output_ctx->flags & LOG_JSON_FLOW) {
jb_open_object(jb, "flow");
EveAddFlow(p->flow, jb);
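
Review bot: the `else` branch of the new `direction` block reports `to_client` for every packet that lacks `FLOW_PKT_TOSERVER`, so a packet with neither direction bit set in `p->flowflags` (if such packets can reach this point in `AlertJson`) would be logged with a direction it does not have. Consider testing `FLOW_PKT_TOCLIENT` explicitly in an `else if` and omitting the key when neither flag is set. The commit touches only `src/output-json-alert.c`, so the new `direction` key and its two values should also be described in whatever EVE documentation or schema the project maintains, so that consumers parsing alert events can rely on it.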