From: Victor Julien Date: Tue, 10 Dec 2019 11:48:56 +0000 (+0100) Subject: eve: support pcap_filename for unix socket mode X-Git-Tag: suricata-4.1.6~18 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4438%2Fhead;p=thirdparty%2Fsuricata.git eve: support pcap_filename for unix socket mode Bug #3390. (cherry picked from commit eceb7dcba46621ab0ac5f600812c74fe4152affc)
---
diff --git a/src/output-json.c b/src/output-json.c
index ab488b9c70..cbcf02d924 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -1040,7 +1040,8 @@ OutputInitResult OutputJsonInitCtx(ConfNode *conf)
 const char *pcapfile_s = ConfNodeLookupChildValue(conf, "pcap-file");
 if (pcapfile_s != NULL && ConfValIsTrue(pcapfile_s)) {
 json_ctx->file_ctx->is_pcap_offline =
- (RunmodeGetCurrent() == RUNMODE_PCAP_FILE);
+ (RunmodeGetCurrent() == RUNMODE_PCAP_FILE ||
+ RunmodeGetCurrent() == RUNMODE_UNIX_SOCKET);
 }
 json_ctx->file_ctx->type = json_ctx->json_out;
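Review bot: The widened `is_pcap_offline` assignment in OutputJsonInitCtx carries no comment explaining why `RUNMODE_UNIX_SOCKET` is treated like `RUNMODE_PCAP_FILE`, and it calls `RunmodeGetCurrent()` twice in one expression. I would add `/* unix socket mode also processes pcap files, so pcap_filename must be logged there too */` above the assignment and read the run mode into a local once before comparing. Judging by the commit subject, the file name that ends up in EVE records in this mode is presumably the one submitted by the socket client, so the comment should also say that consumers of `pcap_filename` must treat it as client-supplied text rather than a trusted path. The function body starts and ends outside the hunk.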