log/anomaly: Move metadata out of anomaly section

author Jeff Lucovsky <jeff@lucovsky.org>

Fri, 18 Sep 2020 11:53:10 +0000 (07:53 -0400)

committer Victor Julien <victor@inliniac.net>

Mon, 28 Sep 2020 09:32:07 +0000 (11:32 +0200)
author Jeff Lucovsky <jeff@lucovsky.org>
Fri, 18 Sep 2020 11:53:10 +0000 (07:53 -0400)
committer Victor Julien <victor@inliniac.net>
Mon, 28 Sep 2020 09:32:07 +0000 (11:32 +0200)
diff --git a/src/output-json-anomaly.c b/src/output-json-anomaly.c

index 112076edb5bf681f32dcafa88c003ae7a2018337..ad55ecc36fc49b59e7ae8ab388422eacd1b7c378 100644 (file)
--- a/src/output-json-anomaly.c
+++ b/src/output-json-anomaly.c
@@ -128,12 +128,12 @@ static int AnomalyDecodeEventJson(ThreadVars *tv, JsonAnomalyLogThread *aft,
              return TM_ECODE_OK;
          }
  
-        jb_open_object(js, ANOMALY_EVENT_TYPE);
-
          if (is_ip_pkt) {
              EveAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js);
          }
  
+        jb_open_object(js, ANOMALY_EVENT_TYPE);
+
          if (event_code < DECODE_EVENT_MAX) {
              const char *event = DEvents[event_code].event_name;
              if (EVENT_IS_DECODER_PACKET_ERROR(event_code)) {
author	Jeff Lucovsky <jeff@lucovsky.org>
	Fri, 18 Sep 2020 11:53:10 +0000 (07:53 -0400)
committer	Victor Julien <victor@inliniac.net>
	Mon, 28 Sep 2020 09:32:07 +0000 (11:32 +0200)