]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e04b5f0)
json alert: fix action 892/head
authorVictor Julien <victor@inliniac.net>
Tue, 4 Mar 2014 13:41:45 +0000 (14:41 +0100)
committerVictor Julien <victor@inliniac.net>
Thu, 13 Mar 2014 10:18:56 +0000 (11:18 +0100)
It would give 'Pass' as an action when the rule is set to 'alert'.

src/output-json-alert.c patch | blob | blame | history

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index e27d3d1f64c0aa13b5684eff6af865e603aba727..55c51dd7d442476c61aaa92f2a148834e5d3dfd5 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -77,7 +77,6 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 {
     MemBuffer *buffer = (MemBuffer *)aft->buffer;
     int i;
-    char *action = "Pass";
 
     if (p->alerts.cnt == 0)
         return TM_ECODE_OK;
@@ -94,10 +93,11 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
             continue;
         }
 
-        if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
-            action = "Drop";
-        } else if (pa->action & ACTION_DROP) {
-            action = "wDrop";
+        char *action = "allowed";
+        if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
+            action = "blocked";
+        } else if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+            action = "blocked";
         }
 
         json_t *ajs = json_object();
@@ -133,7 +133,6 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
     MemBuffer *buffer = (MemBuffer *)aft->buffer;
     int i;
     char timebuf[64];
-    char *action = "Pass";
     json_t *js;
 
     if (p->alerts.cnt == 0)
@@ -149,10 +148,11 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
             continue;
         }
 
-        if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
-            action = "Drop";
-        } else if (pa->action & ACTION_DROP) {
-            action = "wDrop";
+        char *action = "allowed";
+        if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
+            action = "blocked";
+        } else if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+            action = "blocked";
         }
 
         char buf[(32 * 3) + 1];
Mirror of https://github.com/OISF/suricata.git