From: Victor Julien
Date: Fri, 12 Mar 2021 09:22:01 +0000 (+0100)
Subject: eve/drop: use highest priority drop
X-Git-Tag: suricata-7.0.0-beta1~1724
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=398ebf934509a8d27a1c8b858eae061b89d5c44a;p=thirdparty%2Fsuricata.git

eve/drop: use highest priority drop

When adding the alert to a drop record make sure to add the highest
priority.

It would until now add all drops from high to low prio, effectively
overwriting the record each time.

Ticket #4397
---

diff --git a/src/output-json-drop.c b/src/output-json-drop.c index 9cdd23a2f8..3eb7e6832b 100644 --- a/src/output-json-drop.c +++ b/src/output-json-drop.c @@ -164,6 +164,7 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) { AlertJsonHeader(NULL, p, pa, js, 0, &addr); logged = 1; + break; } } if (logged == 0) {
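
Review bot: the added `break` after `logged = 1;` in DropLogJSON is only correct if the alerts are visited from highest to lowest priority, and that ordering is stated in the commit message but nowhere in the code shown. A one-line comment on the `break` (for example, that alerts are ordered by priority so the first drop alert is the one to log) would keep a later reader from removing it as redundant or from changing the iteration order without noticing the dependency. Since the behaviour being fixed is which alert ends up in the EVE drop record, a regression test with two drop rules of different priority matching the same packet would also be worth adding alongside this change; none is part of this diff.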