flow: log action applied to all packets
authorVictor Julien <victor@inliniac.net>
Fri, 10 Sep 2021 12:07:49 +0000 (14:07 +0200)
committerVictor Julien <vjulien@oisf.net>
Tue, 14 Jun 2022 19:12:17 +0000 (21:12 +0200)
Log if action applied to whole flow is drop or pass.

(cherry picked from commit 9a09fe454b846dd2cd42adaa4b569314ad083bdb)

src/output-json-flow.c

index 1a0b823334e54f2a0cd5aba55db23b9e98b6e325..fa8ad10092b3d43751020ff55b4408f9f34ae716 100644 (file)
@@ -285,6 +285,12 @@ static void EveFlowLogJSON(JsonFlowLogThread *aft, JsonBuilder *jb, Flow *f)
     if (f->flags & FLOW_WRONG_THREAD)
         JB_SET_TRUE(jb, "wrong_thread");
 
+    if (f->flags & FLOW_ACTION_DROP) {
+        JB_SET_STRING(jb, "action", "drop");
+    } else if (f->flags & FLOW_ACTION_PASS) {
+        JB_SET_STRING(jb, "action", "pass");
+    }
+
     /* Close flow. */
     jb_close(jb);
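Review bot: The added if/else chain reports only "drop" when a flow carries both FLOW_ACTION_DROP and FLOW_ACTION_PASS, and nothing in the hunk says whether that combination can occur or that the precedence is intended. A comment above the chain would settle it for the next reader, e.g. `/* flow-wide action: drop takes precedence over pass if both flags are set */`. The `action` key is also omitted entirely when neither flag is set, so anyone building detections or dashboards on flow records has to treat a missing field as "no flow-wide verdict" rather than as an allowed flow. That is worth stating in the EVE flow output documentation, which this commit does not appear to touch, since only src/output-json-flow.c is shown. EveFlowLogJSON begins before the hunk and continues after it, so any handling of these flags elsewhere in the function is not visible here.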