output/alert: check flag before logging app-layer

author Philippe Antoine <pantoine@oisf.net>

Wed, 13 Mar 2024 20:26:05 +0000 (21:26 +0100)

committer Victor Julien <victor@inliniac.net>

Thu, 23 May 2024 15:27:39 +0000 (17:27 +0200)
author Philippe Antoine <pantoine@oisf.net>
Wed, 13 Mar 2024 20:26:05 +0000 (21:26 +0100)
committer Victor Julien <victor@inliniac.net>
Thu, 23 May 2024 15:27:39 +0000 (17:27 +0200)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c

index a7df1065509ee755b5181634ba3ea1675d198197..1ce4366e896419cd5b955f03761f4d2c2896d8ee 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -782,12 +782,14 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
          }
  
          if (p->flow != NULL) {
-            if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
-                AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
-            }
-            /* including fileinfo data is configured by the metadata setting */
-            if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
-                AlertAddFiles(p, jb, pa->tx_id);
+            if (pa->flags & PACKET_ALERT_FLAG_TX) {
+                if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
+                    AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
+                }
+                /* including fileinfo data is configured by the metadata setting */
+                if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
+                    AlertAddFiles(p, jb, pa->tx_id);
+                }
              }
  
              EveAddAppProto(p->flow, jb);
author	Philippe Antoine <pantoine@oisf.net>
	Wed, 13 Mar 2024 20:26:05 +0000 (21:26 +0100)
committer	Victor Julien <victor@inliniac.net>
	Thu, 23 May 2024 15:27:39 +0000 (17:27 +0200)