json: add event_type key

This patch adds an event_type key to the generated events. Current
value is one of "dns", "alert", "file", "tls", "http", "drop". It
then becomes easy for log analysis tools to differentiate events by
their source inside Suricata.
pull/810/head
Eric Leblond 11 years ago
parent 93a84180dc
commit 6fd9b4b255

@ -84,7 +84,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
MemBufferReset(buffer);
json_t *js = CreateJSONHeader((Packet *)p, 0);
json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
if (unlikely(js == NULL))
return TM_ECODE_OK;
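Review bot: The event type is passed as a bare string literal here and at the five other call sites in this commit (`"dns"`, `"drop"`, `"file"`, `"http"`, `"tls"`), so the value set that downstream log tooling filters on is scattered across six files with nothing stopping one of them from drifting. Defining the names once next to the `CreateJSONHeader` prototype in output-json.h, for example `#define JSON_EVENT_TYPE_ALERT "alert"`, and using those macros at each call would keep the emitted values consistent and make the full list discoverable in one place. AlertJson's body continues outside the hunk.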

@ -217,7 +217,7 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo
LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
DNSTransaction *tx = txptr;
json_t *js = CreateJSONHeader((Packet *)p, 1);//TODO const
json_t *js = CreateJSONHeader((Packet *)p, 1, "dns");//TODO const
if (unlikely(js == NULL))
return TM_ECODE_OK;

@ -79,7 +79,7 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p)
{
uint16_t proto = 0;
MemBuffer *buffer = (MemBuffer *)aft->buffer;
json_t *js = CreateJSONHeader((Packet *)p, 0);//TODO const
json_t *js = CreateJSONHeader((Packet *)p, 0, "drop");//TODO const
if (unlikely(js == NULL))
return TM_ECODE_OK;

@ -164,7 +164,7 @@ static json_t *LogFileMetaGetUserAgent(const Packet *p, const File *ff) {
*/
static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff) {
MemBuffer *buffer = (MemBuffer *)aft->buffer;
json_t *js = CreateJSONHeader((Packet *)p, 0); //TODO const
json_t *js = CreateJSONHeader((Packet *)p, 0, "file"); //TODO const
if (unlikely(js == NULL))
return;

@ -221,7 +221,7 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
MemBuffer *buffer = (MemBuffer *)jhl->buffer;
json_t *js = CreateJSONHeader((Packet *)p, 1); //TODO const
json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const
if (unlikely(js == NULL))
return TM_ECODE_OK;

@ -131,7 +131,7 @@ static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p) {
if (ssl_state->server_connp.cert0_issuerdn == NULL || ssl_state->server_connp.cert0_subject == NULL)
goto end;
json_t *js = CreateJSONHeader((Packet *)p, 0);//TODO
json_t *js = CreateJSONHeader((Packet *)p, 0, "tls");//TODO
if (unlikely(js == NULL))
goto end;

@ -148,7 +148,7 @@ static enum JsonOutput json_out = ALERT_FILE;
static enum JsonFormat format = COMPACT;
json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
json_t *CreateJSONHeader(Packet *p, int direction_sensitive, char *event_type)
{
char timebuf[64];
char srcip[46], dstip[46];
@ -215,6 +215,10 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
json_object_set_new(js, "pcap_cnt", json_integer(p->pcap_cnt));
}
if (event_type) {
json_object_set_new(js, "event_type", json_string(event_type));
}
/* vlan */
if (p->vlan_idx > 0) {
json_t *js_vlan;
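Review bot: `event_type` is declared `char *` in the new signature although every caller in this commit passes a string literal and the function only reads it through `json_string()`; it should be `const char *`, i.e. `json_t *CreateJSONHeader(Packet *p, int direction_sensitive, const char *event_type)`, with the same change to the prototype in the output-json.h hunk. As written, each literal is converted to a writable pointer, which `-Wwrite-strings` would flag and which invites an accidental write later. The body of CreateJSONHeader lies mostly outside the two hunks shown.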

@ -31,7 +31,7 @@ void TmModuleOutputJsonRegister (void);
#include "suricata-common.h"
#include "util-buffer.h"
json_t *CreateJSONHeader(Packet *p, int direction_sensative);
json_t *CreateJSONHeader(Packet *p, int direction_sensative, char *event_type);
TmEcode OutputJSON(json_t *js, void *data, uint64_t *count);
int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer *buffer);
OutputCtx *OutputJsonInitCtx(ConfNode *);
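Review bot: The rewritten prototype keeps the misspelled parameter name `direction_sensative` while the definition in output-json.c uses `direction_sensitive`, so the header now disagrees with the function it declares on a line the commit touches anyway. Parameter names in a prototype do not affect the type, so this is a readability issue, but since the line is being changed this is the moment to rename the parameter to `direction_sensitive` to match the definition.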
