multi-detect: add tenant id to alert json output

Add a integer field "tenant_id" to the JSON alert output.

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index a8f7f41f0f24e35a3f2a89d6cbece1a4f404dab3..3c4219b42876980c75698d8e74f3aed967965627 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -159,7 +159,7 @@ static void AlertJsonSsh(const Flow *f, json_t *js)
     return;
 }
 
-void AlertJsonHeader(const PacketAlert *pa, json_t *js)
+void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
 {
     char *action = "allowed";
     if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
@@ -187,6 +187,9 @@ void AlertJsonHeader(const PacketAlert *pa, json_t *js)
     if (pa->flags & PACKET_ALERT_FLAG_TX)
         json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
 
+    if (p->tenant_id > 0)
+        json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
+
     /* alert */
     json_object_set_new(js, "alert", ajs);
 }
@@ -214,7 +217,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
         MemBufferReset(aft->json_buffer);
 
         /* alert */
-        AlertJsonHeader(pa, js);
+        AlertJsonHeader(p, pa, js);
 
         if (json_output_ctx->flags & LOG_JSON_HTTP) {
             if (p->flow != NULL) {
@@ -431,6 +434,9 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
                             json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
         json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
 
+        if (p->tenant_id > 0)
+            json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
+
         /* alert */
         json_object_set_new(js, "alert", ajs);
         OutputJSONBuffer(js, aft->file_ctx, buffer);

diff --git a/src/output-json-alert.h b/src/output-json-alert.h
index 55313fbb555ab51a796c1e3f0eb2f441db1d7c9b..a10a316d20b3a1375313bdbffd078050d55336f2 100644 (file)
--- a/src/output-json-alert.h
+++ b/src/output-json-alert.h
@@ -29,7 +29,7 @@
 
 void TmModuleJsonAlertLogRegister (void);
 #ifdef HAVE_LIBJANSSON
-void AlertJsonHeader(const PacketAlert *pa, json_t *js);
+void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js);
 #endif /* HAVE_LIBJANSSON */
 
 #endif /* __OUTPUT_JSON_ALERT_H__ */

diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index d0a4275fd59b79898bfaaae710ae8bf589ae6672..c9b01df834958e8cf47a26f3a2e077e3929f06ab 100644 (file)
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -152,14 +152,14 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
             if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
                ((pa->action & ACTION_DROP) && EngineModeIsIPS()))
             {
-                AlertJsonHeader(pa, js);
+                AlertJsonHeader(p, pa, js);
                 logged = 1;
             }
         }
         if (logged == 0) {
             if (p->alerts.drop.action != 0) {
                 const PacketAlert *pa = &p->alerts.drop;
-                AlertJsonHeader(pa, js);
+                AlertJsonHeader(p, pa, js);
             }
         }
     }