output/alert: check flag before logging app-layer

author Philippe Antoine <pantoine@oisf.net>

Wed, 13 Mar 2024 20:26:05 +0000 (21:26 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 17 Apr 2024 15:09:04 +0000 (17:09 +0200)
author Philippe Antoine <pantoine@oisf.net>
Wed, 13 Mar 2024 20:26:05 +0000 (21:26 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 17 Apr 2024 15:09:04 +0000 (17:09 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index eb88af294a89732113895806c8ceb73c1905610e..99ffbc251dfea9bb32ab5c16368422a04ef3ff80 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -627,12 +627,14 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
          }
  
          if (p->flow != NULL) {
-            if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
-                AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
-            }
-            /* including fileinfo data is configured by the metadata setting */
-            if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
-                AlertAddFiles(p, jb, pa->tx_id);
+            if (pa->flags & PACKET_ALERT_FLAG_TX) {
+                if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
+                    AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
+                }
+                /* including fileinfo data is configured by the metadata setting */
+                if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
+                    AlertAddFiles(p, jb, pa->tx_id);
+                }
              }
  
              EveAddAppProto(p->flow, jb);
author	Philippe Antoine <pantoine@oisf.net>
	Wed, 13 Mar 2024 20:26:05 +0000 (21:26 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 17 Apr 2024 15:09:04 +0000 (17:09 +0200)