eve/drop: use highest priority drop

When adding the alert to a drop record make sure the add the highest
priority.

It would until now add all drops from high to low prio, effectively
overwriting the record each time.

Ticket #4397

(cherry picked from commit 398ebf934509a8d27a1c8b858eae061b89d5c44a)

diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index 9cdd23a2f844794a8b8e3dcb2a3c7caf7336d75f..3eb7e6832b056612975cf0d8584abb02d71fde49 100644 (file)
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -164,6 +164,7 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
             {
                 AlertJsonHeader(NULL, p, pa, js, 0, &addr);
                 logged = 1;
+                break;
             }
         }
         if (logged == 0) {