output-json: fix duplicate logging

This patches is fixing a issue in the OutputJSONBuffer function. It
was writing to file the content of the buffer starting from the start
to the final offset. But as the writing is done for each JSON string
we are duplicating the previous events if we are reusing the same
buffer.

Duplication was for example triggered when we have multiple alerts
attached to a packet. In the case of two alerts, the first one was
logged twice more as the second one.

This si almost the same code as the one of master but it fixes a
conflict during cherry picking in:
	src/output-json-alert.c

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index bfd646ebe3a5001ff8b4baf69a190103a9f80faa..ed8ce0d560a4a6b1aa74289c826e5180e3726acb 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -79,8 +79,6 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
     if (p->alerts.cnt == 0)
         return TM_ECODE_OK;
 
-    MemBufferReset(buffer);
-
     json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
     if (unlikely(js == NULL))
         return TM_ECODE_OK;
@@ -104,6 +102,8 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
             return TM_ECODE_OK;
         }
 
+        MemBufferReset(buffer);
+
         json_object_set_new(ajs, "action", json_string(action));
         json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
         json_object_set_new(ajs, "signature_id", json_integer(pa->s->id));
@@ -136,11 +136,11 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
     if (p->alerts.cnt == 0)
         return TM_ECODE_OK;
 
-    MemBufferReset(buffer);
-
     CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf));
 
     for (i = 0; i < p->alerts.cnt; i++) {
+        MemBufferReset(buffer);
+
         const PacketAlert *pa = &p->alerts.alerts[i];
         if (unlikely(pa->s == NULL)) {
             continue;