]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a233a98)
email-json: output MIME parsing status
authorEric Leblond <eric@regit.org>
Wed, 29 Apr 2015 16:25:05 +0000 (18:25 +0200)
committerEric Leblond <eric@regit.org>
Fri, 2 Oct 2015 20:57:58 +0000 (22:57 +0200)
If the status is not PARSE_DONE then in that case we may have
imcomplete information. Increasing the stream reassemly depth
in that case would be a good idea.

src/output-json-email-common.c patch | blob | blame | history

diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index 17d4b0ec00e59bff0c8635cdd9c3d42ce5f41743..f5366efb974619f765a041025b9217cb5d8f6dee 100644 (file)
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@@ -104,6 +104,9 @@ TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, F
         }
 #endif
 
+        json_object_set_new(sjs, "status",
+                            json_string(MimeDecParseStateGetStatus(mime_state)));
+
         if ((entity->header_flags & HDR_IS_LOGGED) == 0) {
             MimeDecField *field;
             //printf("email LOG\n");
Mirror of https://github.com/OISF/suricata.git