From: Tom DeCanio
Date: Tue, 5 Nov 2013 17:50:47 +0000 (-0800)
Subject: Add vlan and pcap_cnt to JSON logs
X-Git-Tag: suricata-2.0rc1~106
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c95b085c5ac12e21808fd3fd2c162fb51658b5d;p=thirdparty%2Fsuricata.git
Add vlan and pcap_cnt to JSON logs
---
diff --git a/src/alert-json.c b/src/alert-json.c
index 5903a70e55..eb6de6be6c 100644
--- a/src/alert-json.c
+++ b/src/alert-json.c
@@ -228,6 +228,34 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensative)
 if (sensor_id >= 0)
 json_object_set_new(js, "sensor-id", json_integer(sensor_id));
+ /* pcap_cnt */
+ if (p->pcap_cnt != 0) {
+ json_object_set_new(js, "pcap_cnt", json_integer(p->pcap_cnt));
+ }
+
+ /* vlan */
+ if (p->vlan_idx > 0) {
+ json_t *js_vlan;
+ switch (p->vlan_idx) {
+ case 1:
+ json_object_set_new(js, "vlan",
+ json_integer(ntohs(GET_VLAN_ID(p->vlanh[0]))));
+ break;
+ case 2:
+ js_vlan = json_array();
+ if (unlikely(js != NULL)) {
+ json_array_append_new(js_vlan,
+ json_integer(ntohs(GET_VLAN_ID(p->vlanh[0]))));
+ json_array_append_new(js_vlan,
+ json_integer(ntohs(GET_VLAN_ID(p->vlanh[1]))));
+ json_object_set_new(js, "vlan", js_vlan);
+ }
+ break;
+ default:
+ /* shouldn't get here */
+ break;
+ }
+ }
 /* tuple */
 json_object_set_new(js, "srcip", json_string(srcip));
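Review bot: The NULL guard in the `case 2:` branch tests `js` instead of the freshly allocated `js_vlan`, so a failed `json_array()` is never detected; `js` has already been passed to `json_object_set_new()` in the context lines above, which makes the test effectively always true, and `unlikely()` marks the normal path as the cold one. The guard should read `if (likely(js_vlan != NULL)) {`. Separately, every added VLAN line wraps `GET_VLAN_ID()` in `ntohs()`; if that macro already returns the ID in host byte order (its definition is not in this hunk), the second swap would log wrong VLAN IDs on little-endian sensors and break correlation of these JSON records with other network data, so it is worth confirming against the macro. CreateJSONHeader's body starts and ends outside the hunk.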