From: Victor Julien Date: Tue, 11 Mar 2014 14:48:10 +0000 (+0100) Subject: eve-files: file -> fileinfo X-Git-Tag: suricata-2.0rc3~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F885%2Fhead;p=thirdparty%2Fsuricata.git eve-files: file -> fileinfo Due to what appears to be an issue in logstash, the 'file' part of the file event types was masked by a field that logstash-forwarder added itself. Since logstash-forwarder is an important part of the logstash stack, this patch works around the issue by renaming our 'file' structure to 'fileinfo', thus resolving the naming conflict. Bug #1127 --- diff --git a/src/output-json-file.c b/src/output-json-file.c index 2b46cfef23..4f637b248b 100644 --- a/src/output-json-file.c +++ b/src/output-json-file.c @@ -231,9 +231,10 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F (ff->flags & FILE_STORED) ? json_true() : json_false()); json_object_set_new(fjs, "size", json_integer(ff->size)); - json_object_set_new(js, "file", fjs); + /* originally just 'file', but due to bug 1127 naming it fileinfo */ + json_object_set_new(js, "fileinfo", fjs); OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, buffer); - json_object_del(js, "file"); + json_object_del(js, "fileinfo"); json_object_del(js, "http"); json_object_clear(js);
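Review bot: The rename in FileWriteJsonRecord changes the key that file events are emitted under, and the only record of why is the in-code comment "originally just 'file', but due to bug 1127 naming it fileinfo", which does not say what the conflict is. I would have the comment state that logstash-forwarder adds its own 'file' field, as the commit message does, so the reason survives without the bug tracker. The string "fileinfo" is also written out twice, once in json_object_set_new(js, "fileinfo", fjs) and once in json_object_del(js, "fileinfo"); a single named constant for the key would keep the set and the delete in step if the name changes again. Since the visible diff touches only src/output-json-file.c, anything downstream that reads the 'file' object from these events (parsers, dashboards, detection rules) will stop matching without an error, so the rename should be called out in the output documentation and release notes.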