alert json: move alert info into function
authorVictor Julien <victor@inliniac.net>
Mon, 20 Oct 2014 11:59:28 +0000 (13:59 +0200)
committerVictor Julien <victor@inliniac.net>
Wed, 11 Mar 2015 14:55:52 +0000 (15:55 +0100)
Move adding the alert info (sid,rev,gid,etc) into its own function,
so it can be called from other outputs as well.

src/output-json-alert.c
src/output-json-alert.h

index 60dbf1fdb6d9f4e0f3bae38b95dd81af2a177293..3d567c0c6e3204ef4cab8f4800328e1febbd94f4 100644 (file)
@@ -161,6 +161,38 @@ static void AlertJsonSsh(const Flow *f, json_t *js)
     return;
 }
 
+void AlertJsonHeader(const PacketAlert *pa, json_t *js)
+{
+    char *action = "allowed";
+    if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
+        action = "blocked";
+    } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
+        action = "blocked";
+    }
+
+    json_t *ajs = json_object();
+    if (ajs == NULL) {
+        json_decref(js);
+        return;
+    }
+
+    json_object_set_new(ajs, "action", json_string(action));
+    json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
+    json_object_set_new(ajs, "signature_id", json_integer(pa->s->id));
+    json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
+    json_object_set_new(ajs, "signature",
+            json_string((pa->s->msg) ? pa->s->msg : ""));
+    json_object_set_new(ajs, "category",
+            json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
+    json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
+
+    if (pa->flags & PACKET_ALERT_FLAG_TX)
+        json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
+
+    /* alert */
+    json_object_set_new(js, "alert", ajs);
+}
+
 static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 {
     MemBuffer *payload = aft->payload_buffer;
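Review bot: The failure path `json_decref(js); return;` in the new AlertJsonHeader releases an object the caller still owns — the function returns void, so AlertJson in the second hunk cannot see that its `js` was dropped and keeps using it after `AlertJsonHeader(pa, js);` (the `LOG_JSON_HTTP` block that follows), whereas the old inline code stopped immediately with `return TM_ECODE_OK`. The helper should not touch `js` on this path; the minimal change is `if (ajs == NULL) { return; }`, and a fuller one returns an int that the call site checks before continuing. Either way `js` keeps a single owner, which matters for the other outputs this function is being exported to. AlertJson's body continues past the end of this hunk.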
@@ -181,36 +213,10 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
             continue;
         }
 
-        char *action = "allowed";
-        if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
-            action = "blocked";
-        } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
-            action = "blocked";
-        }
-
-        json_t *ajs = json_object();
-        if (ajs == NULL) {
-            json_decref(js);
-            return TM_ECODE_OK;
-        }
-
         MemBufferReset(aft->json_buffer);
 
-        json_object_set_new(ajs, "action", json_string(action));
-        json_object_set_new(ajs, "gid", json_integer(pa->s->gid));
-        json_object_set_new(ajs, "signature_id", json_integer(pa->s->id));
-        json_object_set_new(ajs, "rev", json_integer(pa->s->rev));
-        json_object_set_new(ajs, "signature",
-                            json_string((pa->s->msg) ? pa->s->msg : ""));
-        json_object_set_new(ajs, "category",
-                            json_string((pa->s->class_msg) ? pa->s->class_msg : ""));
-        json_object_set_new(ajs, "severity", json_integer(pa->s->prio));
-
-        if (pa->flags & PACKET_ALERT_FLAG_TX)
-            json_object_set_new(ajs, "tx_id", json_integer(pa->tx_id));
-
         /* alert */
-        json_object_set_new(js, "alert", ajs);
+        AlertJsonHeader(pa, js);
 
         if (json_output_ctx->flags & LOG_JSON_HTTP) {
             if (p->flow != NULL) {
index ec8abb7e4ebf24a45fbff22707e90247b0cf8e7d..55313fbb555ab51a796c1e3f0eb2f441db1d7c9b 100644 (file)
@@ -28,6 +28,9 @@
 #define __OUTPUT_JSON_ALERT_H__
 
 void TmModuleJsonAlertLogRegister (void);
+#ifdef HAVE_LIBJANSSON
+void AlertJsonHeader(const PacketAlert *pa, json_t *js);
+#endif /* HAVE_LIBJANSSON */
 
 #endif /* __OUTPUT_JSON_ALERT_H__ */
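Review bot: The exported prototype carries no documentation, and since the point of the export is use from other outputs, callers need to know what it writes and how it behaves when its internal `json_object()` allocation fails without reading the .c file; a comment such as `/** Append the "alert" object (action, gid, signature_id, rev, signature, category, severity, optional tx_id) to js. */` plus one line on the failure behaviour would cover it. The declaration also relies on `PacketAlert` and `json_t` being visible at this point, which depends on includes outside the hunk — worth confirming the header is self-contained or that the `HAVE_LIBJANSSON` guard matches where those types come from.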