From: Eric Leblond
Date: Thu, 30 Apr 2015 13:24:52 +0000 (+0200)
Subject: file-json: log 'email' information
X-Git-Tag: suricata-3.0RC1~116
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54038f5691c0e3367651a1fa0b8ff3346ad5f07b;p=thirdparty%2Fsuricata.git

file-json: log 'email' information

Log information coming from email/MIME decoding in the message.
---

diff --git a/src/output-json-file.c b/src/output-json-file.c
index 8e1ea7796a..615ae596e8 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -51,13 +51,14 @@
 #include "util-buffer.h"
 #include "util-byte.h"
+#include "log-file.h"
+#include "util-logopenfile.h"
+
 #include "output.h"
 #include "output-json.h"
 #include "output-json-http.h"
 #include "output-json-smtp.h"
-
-#include "log-file.h"
-#include "util-logopenfile.h"
+#include "output-json-email-common.h"
 #include "app-layer-htp.h"
 #include "util-memcmp.h"
@@ -101,6 +102,9 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 hjs = JsonSMTPAddMetadata(p->flow);
 if (hjs)
 json_object_set_new(js, "smtp", hjs);
+ hjs = JsonEmailAddMetadata(p->flow);
+ if (hjs)
+ json_object_set_new(js, "email", hjs);
 break;
 }
@@ -164,6 +168,7 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 break;
 case ALPROTO_SMTP:
 json_object_del(js, "smtp");
+ json_object_del(js, "email");
 break;
 }
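Review bot: `JsonEmailAddMetadata(p->flow)` in the ALPROTO_SMTP case is keyed only by the flow, while the record being written describes one specific file, so on an SMTP session carrying several messages the `email` object may describe a different message than the one that delivered the file. Whether that happens depends on how JsonEmailAddMetadata selects its transaction, which is not visible in this hunk. For anyone correlating sender, recipients and attachment from the file log, such a mismatch would be misleading. If the helper can be given the transaction the file belongs to, that would pin the metadata to the right message; otherwise a comment such as `/* email metadata is looked up per flow; may not match this file's message on multi-message sessions */` should document the limit. The case body starts outside the hunk.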
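Review bot: The cleanup case now has to delete exactly the keys that the earlier ALPROTO_SMTP case sets, and nothing in the code ties the two lists together; a key added in one switch and forgotten in the other would presumably leave stale data in `js`. A short comment on this case, `/* must mirror the keys set for ALPROTO_SMTP above: "smtp", "email" */`, would make the pairing explicit. `json_object_del(js, "email")` also runs when JsonEmailAddMetadata returned NULL and the key was never set; the ignored failure return is harmless there, but the comment could say so. The switch starts outside the hunk.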