From 010a334e1a349568ee1315544c80eb0b33da9285 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 4 Mar 2014 14:41:45 +0100
Subject: [PATCH] json alert: fix action
It would give 'Pass' as an action when the rule is set to 'alert'.
---
 src/output-json-alert.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index e27d3d1f64..55c51dd7d4 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -77,7 +77,6 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 {
 MemBuffer *buffer = (MemBuffer *)aft->buffer;
 int i;
- char *action = "Pass";
 if (p->alerts.cnt == 0)
 return TM_ECODE_OK;
@@ -94,10 +93,11 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 continue;
 }
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
- action = "Drop";
- } else if (pa->action & ACTION_DROP) {
- action = "wDrop";
+ char *action = "allowed";
+ if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
+ action = "blocked";
+ } else if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ action = "blocked";
 }
 json_t *ajs = json_object();
@@ -133,7 +133,6 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
 MemBuffer *buffer = (MemBuffer *)aft->buffer;
 int i;
 char timebuf[64];
- char *action = "Pass";
 json_t *js;
 if (p->alerts.cnt == 0)
@@ -149,10 +148,11 @@ static int AlertJsonDecoderEvent(ThreadVars *tv, JsonAlertLogThread *aft, const
 continue;
 }
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
- action = "Drop";
- } else if (pa->action & ACTION_DROP) {
- action = "wDrop";
+ char *action = "allowed";
+ if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
+ action = "blocked";
+ } else if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ action = "blocked";
 }
 char buf[(32 * 3) + 1];
--
2.47.2
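Review bot: The reject branch added in AlertJson's alert loop reports `blocked` without the `IS_ENGINE_MODE_IPS(engine_mode)` check that the drop branch keeps, so in IDS mode a reject rule would be logged as blocked even if the engine only sent a reset or ICMP error and did not stop the packet; please confirm that is intended. The same mapping also folds the old `wDrop` case into `allowed`, so a drop rule firing in IDS mode can no longer be told apart from a plain alert in the JSON output that analysts triage on. I would put a comment above the block, e.g. `/* "blocked" = packet was dropped or rejected; drop rules in IDS mode log as "allowed" */`, and declare the pointer as `const char *action = "allowed";` since it only ever points at string literals. The identical block in the AlertJsonDecoderEvent hunk needs the same treatment, and both loops continue outside the hunks shown.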