drop json: add sids (if applicable)

If a drop is caused by a SID match, add it to the drop record.

diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index 19a4f071199c018ba7169205d70b2ea4ffe37613..1474517b6e030318d5a5db4c81cc7a59589c3aa6 100644 (file)
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -44,6 +44,7 @@
 
 #include "output.h"
 #include "output-json.h"
+#include "output-json-alert.h"
 
 #include "util-unittest.h"
 #include "util-unittest-helper.h"
@@ -133,6 +134,20 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
             break;
     }
     json_object_set_new(js, "drop", djs);
+
+    int i;
+    for (i = 0; i < p->alerts.cnt; i++) {
+        const PacketAlert *pa = &p->alerts.alerts[i];
+        if (unlikely(pa->s == NULL)) {
+            continue;
+        }
+        if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
+           ((pa->action & ACTION_DROP) && EngineModeIsIPS()))
+        {
+            AlertJsonHeader(pa, js);
+        }
+    }
+
     OutputJSONBuffer(js, aft->file_ctx, buffer);
     json_object_del(js, "drop");
     json_object_clear(js);