From: Victor Julien
Date: Fri, 10 Sep 2021 12:07:49 +0000 (+0200)
Subject: flow: log action applied to all packets
X-Git-Tag: suricata-7.0.0-beta1~1411
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a09fe454b846dd2cd42adaa4b569314ad083bdb;p=thirdparty%2Fsuricata.git
flow: log action applied to all packets
Log if action applied to whole flow is drop or pass.
---
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 4025480fff..1a999da4df 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -273,6 +273,12 @@ static void EveFlowLogJSON(OutputJsonThreadCtx *aft, JsonBuilder *jb, Flow *f)
 if (f->flags & FLOW_WRONG_THREAD) JB_SET_TRUE(jb, "wrong_thread");
+ if (f->flags & FLOW_ACTION_DROP) {
+ JB_SET_STRING(jb, "action", "drop");
+ } else if (f->flags & FLOW_ACTION_PASS) {
+ JB_SET_STRING(jb, "action", "pass");
+ }
+
 /* Close flow. */
 jb_close(jb);
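Review bot: The added `if`/`else if` in EveFlowLogJSON reports `drop` whenever FLOW_ACTION_DROP is set, even if FLOW_ACTION_PASS is set too, and writes no `action` key when neither flag is set; neither rule is stated in the code. Anyone parsing these flow records for detection or audit needs to know that a missing `action` means no flow-wide verdict was recorded, not that the flow was allowed. I would add a comment above the block such as `/* flow-wide verdict only: drop takes precedence over pass; key is omitted when neither flag is set */`. Whether both flags can be set on one flow is not visible in this hunk, so the precedence should be confirmed where the flags are assigned. The function begins and ends outside the hunk.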