From: Eric Leblond Date: Fri, 16 Apr 2021 21:21:49 +0000 (+0200) Subject: eve/alert: add direction field to log data way X-Git-Tag: suricata-7.0.0-beta1~106 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0065f4368b0920b85fc8391ca68634a6ee80219;p=thirdparty%2Fsuricata.git eve/alert: add direction field to log data way Add a key in the event to specify if the data that did trigger the alert are in to_client or to_server direction. --- diff --git a/src/output-json-alert.c b/src/output-json-alert.c index 9953daa4bb..cab6518671 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -719,6 +719,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) } EveAddAppProto(p->flow, jb); + + if (p->flowflags & FLOW_PKT_TOSERVER) { + jb_set_string(jb, "direction", "to_server"); + } else { + jb_set_string(jb, "direction", "to_client"); + } + if (json_output_ctx->flags & LOG_JSON_FLOW) { jb_open_object(jb, "flow"); EveAddFlow(p->flow, jb);
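Review bot: In the block added after EveAddAppProto(p->flow, jb), the bare `else` logs "to_client" for every packet that lacks FLOW_PKT_TOSERVER, so a packet carrying neither direction flag is reported as to_client rather than left without a direction. Consider testing the other flag explicitly (`else if (p->flowflags & FLOW_PKT_TOCLIENT)`) and omitting the key otherwise, so consumers of the EVE record are not handed a direction the engine never determined. The value is also read from the packet's flow flags, while the commit message describes it as the direction of the data that triggered the alert; a short code comment or a documentation entry for the new "direction" key saying which of the two it represents would help anyone filtering alerts on it. The diff shown touches only src/output-json-alert.c, so no documentation or schema update for the new field is visible here.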