From 63ef0d52267150bf3086f73c7dec1298f736aa39 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Tue, 16 Dec 2014 00:14:59 +0100 Subject: [PATCH] output-json: fix duplicate logging This patches is fixing a issue in the OutputJSONBuffer function. It was writing to file the content of the buffer starting from the start to the final offset. But as the writing is done for each JSON string we are duplicating the previous events if we are reusing the same buffer. Duplication was for example triggered when we have multiple alerts attached to a packet. In the case of two alerts, the first one was logged twice more as the second one. This si almost the same code as the one of master but it fixes a conflict during cherry picking in: src/output-json-alert.c --- src/output-json-alert.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/output-json-alert.c b/src/output-json-alert.c index bfd646ebe3..ed8ce0d560 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -79,8 +79,6 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) if (p->alerts.cnt == 0) return TM_ECODE_OK; - MemBufferReset(buffer); - json_t *js = CreateJSONHeader((Packet *)p, 0, "alert"); if (unlikely(js == NULL)) return TM_ECODE_OK; @@ -104,6 +102,8 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) return TM_ECODE_OK; } + MemBufferReset(buffer); + json_object_set_new(ajs, "action", json_string(action)); json_object_set_new(ajs, "gid", json_integer(pa->s->gid)); json_object_set_new(ajs, "signature_id", json_integer(pa->s->id)); @@ -136,11 +136,11 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const if (p->alerts.cnt == 0) return TM_ECODE_OK; - MemBufferReset(buffer); - CreateIsoTimeString(&p->ts, timebuf, sizeof(timebuf)); for (i = 0; i < p->alerts.cnt; i++) { + MemBufferReset(buffer); + const PacketAlert *pa = &p->alerts.alerts[i]; if (unlikely(pa->s == NULL)) { continue; -- 2.47.3