From: Victor Julien
Date: Sun, 1 Mar 2015 09:34:53 +0000 (+0100)
Subject: multi-detect: add tenant id to alert json output
X-Git-Tag: suricata-3.0RC1~203
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8673801ea3b7b5bba0c40fb916f33f53898b6069;p=thirdparty%2Fsuricata.git
multi-detect: add tenant id to alert json output
Add a integer field "tenant_id" to the JSON alert output.
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index a8f7f41f0f..3c4219b428 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -159,7 +159,7 @@ static void AlertJsonSsh(const Flow *f, json_t *js)
 return;
 }
-void AlertJsonHeader(const PacketAlert *pa, json_t *js)
+void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
 {
 char *action = "allowed";
 if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
@@ -187,6 +187,9 @@ void AlertJsonHeader(const PacketAlert *pa, json_t *js)
 if (pa->flags & PACKET_ALERT_FLAG_TX) json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
+ if (p->tenant_id > 0)
+ json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
+
 /* alert */
 json_object_set_new(js, "alert", ajs);
 }
@@ -214,7 +217,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 MemBufferReset(aft->json_buffer);
 /* alert */
- AlertJsonHeader(pa, js);
+ AlertJsonHeader(p, pa, js);
 if (json_output_ctx->flags & LOG_JSON_HTTP) {
 if (p->flow != NULL) {
@@ -431,6 +434,9 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
 json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
 json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
+ if (p->tenant_id > 0)
+ json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
+
 /* alert */
 json_object_set_new(js, "alert", ajs);
 OutputJSONBuffer(js, aft->file_ctx, buffer);
diff --git a/src/output-json-alert.h b/src/output-json-alert.h
index 55313fbb55..a10a316d20 100644
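Review bot: `AlertJsonHeader` is exported through output-json-alert.h, but the `@@ -159,7 +159,7 @@` hunk of src/output-json-alert.c adds the `p` parameter without a comment stating what the function expects of it. The `@@ -187,6 +187,9 @@` hunk reads `p->tenant_id` unconditionally, so `p` must never be NULL; the callers visible in this patch pass their own packet argument, but nothing on the definition says so for future callers. I would add a short Doxygen header above the definition, for example `/** \brief add the "alert" object to js; p and pa must not be NULL, p supplies tenant_id */`. The function body continues outside this hunk.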
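Review bot: The two lines added to `AlertJsonHeader` in the `@@ -187,6 +187,9 @@` hunk are repeated verbatim in `AlertJsonDecoderEvent` (`@@ -431,6 +434,9 @@`), so the rule for when `tenant_id` is emitted now lives in two places that can drift apart. A small file-local helper called from both sites, for example `static void AlertJsonTenantId(const Packet *p, json_t *ajs)`, would keep it in one place. The `> 0` test also means an alert whose packet has tenant id 0 carries no `tenant_id` key at all; presumably 0 means "no tenant assigned", but neither hunk shows that. A comment such as `/* tenant_id 0 is not logged: a missing key means no tenant was assigned */` would tell anyone routing alerts per tenant how to treat records without the field.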
--- a/src/output-json-alert.h
+++ b/src/output-json-alert.h
@@ -29,7 +29,7 @@ void TmModuleJsonAlertLogRegister (void);
 #ifdef HAVE_LIBJANSSON
-void AlertJsonHeader(const PacketAlert *pa, json_t *js);
+void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js);
 #endif /* HAVE_LIBJANSSON */
 #endif /* __OUTPUT_JSON_ALERT_H__ */
diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index d0a4275fd5..c9b01df834 100644
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
@@ -152,14 +152,14 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
 if ((pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) ||
 ((pa->action & ACTION_DROP) && EngineModeIsIPS()))
 {
- AlertJsonHeader(pa, js);
+ AlertJsonHeader(p, pa, js);
 logged = 1;
 }
 }
 if (logged == 0) {
 if (p->alerts.drop.action != 0) {
 const PacketAlert *pa = &p->alerts.drop;
- AlertJsonHeader(pa, js);
+ AlertJsonHeader(p, pa, js);
 }
 }
 }