eve.flow: log original and expected app_protocols

Log protocols if they are available.

diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 5df87d842f7190ee89202c716a7e4dcccc029258..19f94bab3c99d35d497c63ad5763ce1739e4813b 100644 (file)
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -198,6 +198,14 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
         json_object_set_new(js, "app_proto_tc",
                 json_string(AppProtoToString(f->alproto_tc)));
     }
+    if (f->alproto_orig != f->alproto && f->alproto_orig != ALPROTO_UNKNOWN) {
+        json_object_set_new(js, "app_proto_orig",
+                json_string(AppProtoToString(f->alproto_orig)));
+    }
+    if (f->alproto_expect != f->alproto && f->alproto_expect != ALPROTO_UNKNOWN) {
+        json_object_set_new(js, "app_proto_expected",
+                json_string(AppProtoToString(f->alproto_expect)));
+    }
 
     json_object_set_new(hjs, "pkts_toserver",
             json_integer(f->todstpktcnt));