From 6f04988ba125ab6885340f1baa1eda0c06299104 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Tue, 15 Sep 2015 16:36:37 +0200
Subject: [PATCH] output-json: add tx_id to events

This patch updates alert, stmp and http JSON logging to have a tx_id in the root of the JSON log message.
---
 src/output-json-alert.c | 8 +++++---
 src/output-json-http.c | 5 +----
 src/output-json-smtp.c | 2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 6be573054e..2c0d01714c 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -146,6 +146,11 @@ void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
 action = "blocked";
 }
 
+ /* Add tx_id to root element for correlation with other events. */
+ json_object_del(js, "tx_id");
+ if (pa->flags & PACKET_ALERT_FLAG_TX)
+ json_object_set_new(js, "tx_id", json_integer(pa->tx_id));
+
 json_t *ajs = json_object();
 if (ajs == NULL) {
 json_decref(js);
@@ -162,9 +167,6 @@ void AlertJsonHeader(const Packet *p, const PacketAlert *pa, json_t *js)
 json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
 json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
 
- if (pa->flags & PACKET_ALERT_FLAG_TX)
- json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
-
 if (p->tenant_id > 0)
 json_object_set_new(ajs, "tenant_id", json_integer(p->tenant_id));
 
diff --git a/src/output-json-http.c b/src/output-json-http.c
index 6cfed78ca3..6873987305 100644
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -362,9 +362,6 @@ static void JsonHttpLogJSON(JsonHttpLogThread *aft, json_t *js, htp_tx_t *tx, ui
 if (http_ctx->flags & LOG_HTTP_EXTENDED)
 JsonHttpLogJSONExtended(hjs, tx);
 
- /* tx id for correlation with alerts */
- json_object_set_new(hjs, "tx_id", json_integer(tx_id));
-
 json_object_set_new(js, "http", hjs);
 }
 
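Review bot: The `json_object_del(js, "tx_id")` call in the first hunk of src/output-json-alert.c is unexplained, since the comment above it only describes the set. If the delete exists because `js` can be reused for several alerts and an id left by an earlier one must not survive onto a non-TX alert, say so, e.g. `/* js may already carry a tx_id from a previous alert; clear it so non-TX alerts are not tagged with a stale id */` (inferred, the callers are outside the hunk). The return values of `json_integer()` and `json_object_set_new()` are ignored, so an allocation failure would silently emit an alert with no `tx_id`. Together with the two deletion hunks that follow, this removes `alert.tx_id` and `http.tx_id`, so parsers or correlation rules keyed on the nested fields stop matching; the commit message mentions only the addition and should name the removal. AlertJsonHeader starts and ends outside the hunk.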
@@ -376,7 +373,7 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
 JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
 MemBuffer *buffer = (MemBuffer *)jhl->buffer;
 
- json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const
+ json_t *js = CreateJSONHeaderWithTxId((Packet *)p, 1, "http", tx_id); //TODO const
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
 
diff --git a/src/output-json-smtp.c b/src/output-json-smtp.c
index be5275de17..617b7247f3 100644
--- a/src/output-json-smtp.c
+++ b/src/output-json-smtp.c
@@ -90,7 +90,7 @@ static int JsonSmtpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
 MemBuffer *buffer = (MemBuffer *)jhl->buffer;
 json_t *sjs;
 
- json_t *js = CreateJSONHeader((Packet *)p, 1, "smtp");
+ json_t *js = CreateJSONHeaderWithTxId((Packet *)p, 1, "smtp", tx_id);
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
 
-- 
2.47.2
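Review bot: `CreateJSONHeaderWithTxId` is called in JsonHttpLogger here and in JsonSmtpLogger in src/output-json-smtp.c, but neither its definition nor its prototype is part of this patch (the diffstat lists only the three logger files), so the patch presumably depends on an earlier commit in the series and should be ordered after it to stay bisectable. The `(Packet *)p` cast that drops `const` is carried into both new calls, with `//TODO const` still open on the HTTP one; if the helper only reads the packet, its prototype could take `const Packet *p` and both casts could go. Both logger signatures are truncated in the hunk headers and their bodies continue outside the hunks, so the type and origin of `tx_id` cannot be checked from here.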