From: Eric Leblond
Date: Tue, 15 Sep 2015 13:48:19 +0000 (+0200)
Subject: json-email: JsonEmailAddMetadata update
X-Git-Tag: suricata-3.0RC1~89
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96412e8921b6c145ddc8bf06551a6e8abfb4d79d;p=thirdparty%2Fsuricata.git

json-email: JsonEmailAddMetadata update

Add tx_id to the list of params to be in sync with recent changes.
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index ce216ddaad..6be573054e 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -48,6 +48,7 @@
 #include "app-layer-htp-xff.h"
 #include "util-classification-config.h"
 #include "util-syslog.h"
+#include "util-logopenfile.h"
 #include "output.h"
 #include "output-json.h"
@@ -55,6 +56,7 @@
 #include "output-json-tls.h"
 #include "output-json-ssh.h"
 #include "output-json-smtp.h"
+#include "output-json-email-common.h"
 #include "util-byte.h"
 #include "util-privs.h"
@@ -62,7 +64,6 @@
 #include "util-proto-name.h"
 #include "util-optimize.h"
 #include "util-buffer.h"
-#include "util-logopenfile.h"
 #include "util-crypt.h"
 #define MODULE_NAME "JsonAlertLog"
@@ -249,6 +250,10 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 hjs = JsonSMTPAddMetadata(p->flow, pa->tx_id);
 if (hjs)
 json_object_set_new(js, "smtp", hjs);
+
+ hjs = JsonEmailAddMetadata(p->flow, pa->tx_id);
+ if (hjs)
+ json_object_set_new(js, "email", hjs);
 }
 FLOWLOCK_UNLOCK(p->flow);
diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index b255a8e493..d54b7b4d02 100644
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
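Review bot: In the `AlertJson` hunk of src/output-json-alert.c, the added `JsonEmailAddMetadata(p->flow, pa->tx_id)` call relies on a precondition that is not written down: the callee casts `FlowGetAppState(f)` directly to `SMTPState *` with no protocol check of its own, so it is only safe on a flow whose app-layer state really is SMTP. The condition that opens the enclosing block lies outside the hunk, so whether it already guarantees this cannot be confirmed from the visible lines. If it does, a comment above the call such as `/* flow is SMTP here: JsonEmailAddMetadata() casts the app state to SMTPState */` would keep a later edit from moving the call out of that guard; if it does not, the call needs its own protocol check before it runs.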
@@ -396,11 +396,10 @@ TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, F
 SCReturnInt(TM_ECODE_FAILED);
 }
-json_t *JsonEmailAddMetadata(const Flow *f)
+json_t *JsonEmailAddMetadata(const Flow *f, uint32_t tx_id)
 {
 SMTPState *smtp_state = (SMTPState *)FlowGetAppState(f);
 if (smtp_state) {
- uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
 SMTPTransaction *tx = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_SMTP, smtp_state, tx_id);
 if (tx) {
diff --git a/src/output-json-email-common.h b/src/output-json-email-common.h
index afb3b91bfc..88cfa5576b 100644
--- a/src/output-json-email-common.h
+++ b/src/output-json-email-common.h
@@ -38,7 +38,7 @@ typedef struct JsonEmailLogThread_ {
 } JsonEmailLogThread;
 TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, Flow *f, void *state, void *vtx, uint64_t tx_id);
-json_t *JsonEmailAddMetadata(const Flow *f);
+json_t *JsonEmailAddMetadata(const Flow *f, uint32_t tx_id);
 #endif
 void OutputEmailInitConf(ConfNode *conf, OutputJsonEmailCtx *email_ctx);
diff --git a/src/output-json-file.c b/src/output-json-file.c
index b13852bd16..f2f21df34b 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -102,7 +102,7 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 hjs = JsonSMTPAddMetadata(p->flow, ff->txid);
 if (hjs)
 json_object_set_new(js, "smtp", hjs);
- hjs = JsonEmailAddMetadata(p->flow);
+ hjs = JsonEmailAddMetadata(p->flow, ff->txid);
 if (hjs)
 json_object_set_new(js, "email", hjs);
 break;
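Review bot: The new `tx_id` parameter of `JsonEmailAddMetadata` in src/output-json-email-common.c is declared `uint32_t`, while the local it replaces was `uint64_t` and `JsonEmailLogJson` in the same header takes `uint64_t tx_id`, so a transaction id wider than 32 bits would be silently truncated before it reaches `AppLayerParserGetTx`. The types of `pa->tx_id` and `ff->txid` at the two call sites are not visible here, but if they are 64-bit the lookup could resolve a different transaction and the alert or file record would then carry another message's email metadata. Declaring it as `json_t *JsonEmailAddMetadata(const Flow *f, uint64_t tx_id)` in both the definition and the prototype (the output-json-email-common.h hunk) keeps the width consistent along the whole path. The function body continues past the end of the hunk.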