From: Eric Leblond
Date: Thu, 30 Apr 2015 11:44:58 +0000 (+0200)
Subject: file-json: output smtp proto info
X-Git-Tag: suricata-3.0RC1~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77119a31863ee9cc3bedcd8abf007914ba7942cc;p=thirdparty%2Fsuricata.git

file-json: output smtp proto info
---
diff --git a/src/output-json-file.c b/src/output-json-file.c
index 556d7e2d2b..8e1ea7796a 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -54,6 +54,7 @@
 #include "output.h"
 #include "output-json.h"
 #include "output-json-http.h"
+#include "output-json-smtp.h"
 #include "log-file.h"
 #include "util-logopenfile.h"
@@ -96,6 +97,11 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 if (hjs)
 json_object_set_new(js, "http", hjs);
 break;
+ case ALPROTO_SMTP:
+ hjs = JsonSMTPAddMetadata(p->flow);
+ if (hjs)
+ json_object_set_new(js, "smtp", hjs);
+ break;
 }
@@ -151,7 +157,15 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 json_object_set_new(js, "fileinfo", fjs);
 OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, buffer);
 json_object_del(js, "fileinfo");
- json_object_del(js, "http");
+
+ switch (p->flow->alproto) {
+ case ALPROTO_HTTP:
+ json_object_del(js, "http");
+ break;
+ case ALPROTO_SMTP:
+ json_object_del(js, "smtp");
+ break;
+ }
 json_object_clear(js);
 json_decref(js);
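Review bot: The new `ALPROTO_SMTP` case calls `JsonSMTPAddMetadata(p->flow)` with only the flow, so nothing in this hunk ties the logged metadata to the message that actually carried the file. On an SMTP session that delivers several mails, the file record could end up carrying another message's envelope data, which matters when this log is used to attribute an attachment during incident response; the helper's body is not shown here, so this needs confirming. If the lookup really is per flow, pass a transaction identifier to the helper, or at least document the limitation above the call with `/* metadata is looked up per flow, not per transaction */`. The enclosing `switch` starts outside the hunk.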
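Review bot: The second `switch (p->flow->alproto)` repeats the protocol-to-key mapping of the earlier switch, and as far as this hunk shows it runs immediately before `json_object_clear(js)`, which empties the object anyway. That makes the per-protocol `json_object_del` calls look redundant, and every future protocol has to be added in two places to stay consistent. Consider dropping the switch; if it is kept, add `default: break;` and a comment such as `/* keys must mirror the switch that adds the protocol object above */`. It also dereferences `p->flow` with no check visible here; presumably the earlier switch already relies on a non-NULL flow, but that code is outside the hunk.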