From ef0ebc955030139a97399a77311950836434b951 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Tue, 4 Aug 2020 15:35:07 -0600
Subject: [PATCH] alert/eve: add snmp metadata for snmp alerts
Redmine issue: https://redmine.openinfosecfoundation.org/issues/3441
---
 src/output-json-alert.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index f78313151c..ca8e3ba635 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -219,6 +219,20 @@ static void AlertJsonDns(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
 return;
 }
+static void AlertJsonSNMP(const Flow *f, const uint64_t tx_id, JsonBuilder *js)
+{
+ void *snmp_state = (void *)FlowGetAppState(f);
+ if (snmp_state != NULL) {
+ void *tx = AppLayerParserGetTx(f->proto, ALPROTO_SNMP, snmp_state,
+ tx_id);
+ if (tx != NULL) {
+ jb_open_object(js, "snmp");
+ rs_snmp_log_json_response(js, snmp_state, tx);
+ jb_close(js);
+ }
+ }
+}
+
 static void AlertJsonSourceTarget(const Packet *p, const PacketAlert *pa,
 JsonBuilder *js, JsonAddrInfo *addr)
 {
@@ -483,6 +497,9 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
 jb_restore_mark(jb, &mark);
 }
 break;
+ case ALPROTO_SNMP:
+ AlertJsonSNMP(p->flow, tx_id, jb);
+ break;
 default:
 break;
 }
-- 
2.47.2
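Review bot: The cast in `void *snmp_state = (void *)FlowGetAppState(f);` looks redundant, since the result is stored in a `void *` and handed on untyped; if FlowGetAppState already returns `void *`, the line reads more plainly as `void *snmp_state = FlowGetAppState(f);`. The new AlertJsonSNMP also has no header comment; a one-liner above the definition such as `/* Append an "snmp" object for transaction tx_id of flow f to js, if the flow has SNMP state and the transaction exists. */` would state its contract. Note that `jb_open_object(js, "snmp")` runs before rs_snmp_log_json_response, so if that call writes nothing for a transaction without a response the alert still gains an empty "snmp" object — worth confirming that is the intended output. The second hunk, which adds the `case ALPROTO_SNMP:` dispatch in AlertAddAppLayer, needs nothing further; AlertAddAppLayer's body starts and ends outside that hunk.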