From: Philippe Antoine Date: Wed, 13 Mar 2024 20:26:05 +0000 (+0100) Subject: output/alert: check flag before logging app-layer X-Git-Tag: suricata-8.0.0-beta1~1456 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b4e10224eaebb613352e9b82556b60035d032a1;p=thirdparty%2Fsuricata.git output/alert: check flag before logging app-layer Ticket: 6846
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index eb88af294a..99ffbc251d 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -627,12 +627,14 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 }
 if (p->flow != NULL) {
- if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
- AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
- }
- /* including fileinfo data is configured by the metadata setting */
- if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
- AlertAddFiles(p, jb, pa->tx_id);
+ if (pa->flags & PACKET_ALERT_FLAG_TX) {
+ if (json_output_ctx->flags & LOG_JSON_APP_LAYER) {
+ AlertAddAppLayer(p, jb, pa->tx_id, json_output_ctx->flags);
+ }
+ /* including fileinfo data is configured by the metadata setting */
+ if (json_output_ctx->flags & LOG_JSON_RULE_METADATA) {
+ AlertAddFiles(p, jb, pa->tx_id);
+ }
 }
 EveAddAppProto(p->flow, jb);
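Review bot: The new `if (pa->flags & PACKET_ALERT_FLAG_TX)` guard has no comment explaining why it is needed, and the reason is not evident from the code. Presumably `pa->tx_id` only identifies a real transaction when that flag is set, so without the guard an alert record could carry app-layer or file metadata from a transaction that did not trigger it. I would add above the guard `/* pa->tx_id is only meaningful when PACKET_ALERT_FLAG_TX is set; skip tx-scoped metadata otherwise */`. With the guard, alerts lacking the flag get only what `EveAddAppProto` adds, which is worth stating in the commit message or docs because consumers of these alert records may expect the app-layer object to be present. AlertJson starts and ends outside this hunk, so other uses of `pa->tx_id` in it could not be checked here.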