eve/alert: add direction field to log data way

author Eric Leblond <el@stamus-networks.com>

Fri, 16 Apr 2021 21:21:49 +0000 (23:21 +0200)

committer Victor Julien <vjulien@oisf.net>

Mon, 3 Oct 2022 09:03:09 +0000 (11:03 +0200)
author Eric Leblond <el@stamus-networks.com>
Fri, 16 Apr 2021 21:21:49 +0000 (23:21 +0200)
committer Victor Julien <vjulien@oisf.net>
Mon, 3 Oct 2022 09:03:09 +0000 (11:03 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index 9953daa4bbc9751c22e05ada85c664933e93b21d..cab6518671fde0a6cf73eb6d68a1ceaeecb6e742 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -719,6 +719,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
              }
  
              EveAddAppProto(p->flow, jb);
+
+            if (p->flowflags & FLOW_PKT_TOSERVER) {
+                jb_set_string(jb, "direction", "to_server");
+            } else {
+                jb_set_string(jb, "direction", "to_client");
+            }
+
              if (json_output_ctx->flags & LOG_JSON_FLOW) {
                  jb_open_object(jb, "flow");
                  EveAddFlow(p->flow, jb);
author	Eric Leblond <el@stamus-networks.com>
	Fri, 16 Apr 2021 21:21:49 +0000 (23:21 +0200)
committer	Victor Julien <vjulien@oisf.net>
	Mon, 3 Oct 2022 09:03:09 +0000 (11:03 +0200)