]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ac4887) | patch
output-json: add app_proto key in root
authorEric Leblond <eric@regit.org>
Thu, 3 Dec 2015 11:07:03 +0000 (12:07 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 4 Dec 2015 14:34:35 +0000 (15:34 +0100)
commit538f37bd384846d53e5bb70ce04164eff6c673f6
treefdcda9736adcf40f07f44db044d3e6727e36aa24tree
parent8ac48872a5a005bf97bb90cdc0ecf1fe620448a2commit | diff
output-json: add app_proto key in root

By adding the key in the root of *flow and fileinfo  events it
will be possible to get all events for one application layer by
using a 'event_type:proto OR app_proto:proto' filter. This will
permit to the analyst to get a good view of events related to
one protocol.

This patch also fixes a regression in file logging where app_proto
was available before 94dbd303e4744a40f3761265be7c73a7a4754764 create
the regression.
src/output-json-file.c diff | blob | blame | history
src/output-json-flow.c diff | blob | blame | history
src/output-json-netflow.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git