]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61d9f4b) | patch
output-json-alert: add app_proto or flow to events
authorEric Leblond <eric@regit.org>
Wed, 21 Jun 2017 17:50:11 +0000 (19:50 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 26 Jun 2017 10:31:25 +0000 (12:31 +0200)
commitda9005c404f281badd3bb4ccee675560fae2d359
tree9d5085de6e724e27d89fa91c07808dd05b7e3b99tree
parent61d9f4bb0a947d39d409fd0ebbb3aa1d8374a51acommit | diff
output-json-alert: add app_proto or flow to events

This patch adds a partial flow entry in the alert event
(if applayer or flow is selected) or simply app_proto if
it is not.

app_proto is useful as filter and aggregation field. And
the partial flow entry contains more information about the
proto as well as some volumetry info.
src/output-json-alert.c diff | blob | blame | history
src/output-json-flow.c diff | blob | blame | history
src/output-json-flow.h diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git