eve/verdict: log 'accept' for firewall accept rules

author Victor Julien <vjulien@oisf.net>

Fri, 9 May 2025 08:07:42 +0000 (10:07 +0200)

committer Victor Julien <victor@inliniac.net>

Sat, 10 May 2025 01:09:53 +0000 (03:09 +0200)
author Victor Julien <vjulien@oisf.net>
Fri, 9 May 2025 08:07:42 +0000 (10:07 +0200)
committer Victor Julien <victor@inliniac.net>
Sat, 10 May 2025 01:09:53 +0000 (03:09 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index cd59701a99e820239d749e79f9ef20e176ba09fe..2482112b77d4932018349731693b2f75de5b5df2 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -564,6 +564,8 @@ void EveAddVerdict(SCJsonBuilder *jb, const Packet *p)
  
      } else if (PacketCheckAction(p, ACTION_DROP) && EngineModeIsIPS()) {
          JB_SET_STRING(jb, "action", "drop");
+    } else if (PacketCheckAction(p, ACTION_ACCEPT)) {
+        JB_SET_STRING(jb, "action", "accept");
      } else if (p->alerts.alerts[p->alerts.cnt].action & ACTION_PASS) {
          JB_SET_STRING(jb, "action", "pass");
      } else {
author	Victor Julien <vjulien@oisf.net>
	Fri, 9 May 2025 08:07:42 +0000 (10:07 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sat, 10 May 2025 01:09:53 +0000 (03:09 +0200)