From: Eric Leblond <eric@regit.org>
Date: Wed, 29 Apr 2015 16:25:05 +0000 (+0200)
Subject: email-json: output MIME parsing status
X-Git-Tag: suricata-3.0RC1~123
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7e13c2c039901fdc4042431d693be31fe1c7ef1;p=thirdparty%2Fsuricata.git

email-json: output MIME parsing status

If the status is not PARSE_DONE then in that case we may have
imcomplete information. Increasing the stream reassemly depth
in that case would be a good idea.
---

diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index 17d4b0ec00..f5366efb97 100644
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@@ -104,6 +104,9 @@ TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packet *p, F
         }
 #endif
 
+        json_object_set_new(sjs, "status",
+                            json_string(MimeDecParseStateGetStatus(mime_state)));
+
         if ((entity->header_flags & HDR_IS_LOGGED) == 0) {
             MimeDecField *field;
             //printf("email LOG\n");