From 6fd9b4b255abac78a4dff88dcd4d10f279c632ce Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Fri, 31 Jan 2014 11:54:19 +0100
Subject: [PATCH] json: add event_type key

This patch adds an event_type key to the generated events. Current value is one of "dns", "alert, "file", "tls", "http", "drop". It is then easy to differentiate in log analysis tools the events based on source inside Suricata.
---
 src/output-json-alert.c | 2 +-
 src/output-json-dns.c | 2 +-
 src/output-json-drop.c | 2 +-
 src/output-json-file.c | 2 +-
 src/output-json-http.c | 2 +-
 src/output-json-tls.c | 2 +-
 src/output-json.c | 6 +++++-
 src/output-json.h | 2 +-
 8 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 71ba88066f..7bcf6a18ae 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -84,7 +84,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 MemBufferReset(buffer);
- json_t *js = CreateJSONHeader((Packet *)p, 0);
+ json_t *js = CreateJSONHeader((Packet *)p, 0, "alert");
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
diff --git a/src/output-json-dns.c b/src/output-json-dns.c
index 7f34f96e8c..7dde684324 100644
--- a/src/output-json-dns.c
+++ b/src/output-json-dns.c
@@ -217,7 +217,7 @@ static int JsonDnsLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flo
 LogDnsLogThread *td = (LogDnsLogThread *)thread_data;
 DNSTransaction *tx = txptr;
- json_t *js = CreateJSONHeader((Packet *)p, 1);//TODO const
+ json_t *js = CreateJSONHeader((Packet *)p, 1, "dns");//TODO const
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
diff --git a/src/output-json-drop.c b/src/output-json-drop.c
index ef00f6e30e..8511f91e85 100644
--- a/src/output-json-drop.c
+++ b/src/output-json-drop.c
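Review bot: The event type is handed to `CreateJSONHeader` as a bare string literal at the `"alert"` call, and the dns, drop, file, http and tls hunks each repeat the pattern with their own literal, so the value set listed in the commit message is spread over six files with nothing tying them together. The commit message says analysis tools are meant to differentiate records on this field, so a typo in any one caller would silently produce records that consumers do not classify. Declaring the names once in output-json.h, e.g. `#define JSON_EVENT_TYPE_ALERT "alert"` (name constructed, pick the project's own convention), and passing that macro here would keep the set in one place. The body of AlertJson continues outside the hunk.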
@@ -79,7 +79,7 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) {
 uint16_t proto = 0;
 MemBuffer *buffer = (MemBuffer *)aft->buffer;
- json_t *js = CreateJSONHeader((Packet *)p, 0);//TODO const
+ json_t *js = CreateJSONHeader((Packet *)p, 0, "drop");//TODO const
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
diff --git a/src/output-json-file.c b/src/output-json-file.c
index 218a0f89d1..e7ff40bcf5 100644
--- a/src/output-json-file.c
+++ b/src/output-json-file.c
@@ -164,7 +164,7 @@ static json_t *LogFileMetaGetUserAgent(const Packet *p, const File *ff) {
 */
 static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff) {
 MemBuffer *buffer = (MemBuffer *)aft->buffer;
- json_t *js = CreateJSONHeader((Packet *)p, 0); //TODO const
+ json_t *js = CreateJSONHeader((Packet *)p, 0, "file"); //TODO const
 if (unlikely(js == NULL))
 return;
diff --git a/src/output-json-http.c b/src/output-json-http.c
index 7c41ea7edf..703f11692e 100644
--- a/src/output-json-http.c
+++ b/src/output-json-http.c
@@ -221,7 +221,7 @@ static int JsonHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Fl
 JsonHttpLogThread *jhl = (JsonHttpLogThread *)thread_data;
 MemBuffer *buffer = (MemBuffer *)jhl->buffer;
- json_t *js = CreateJSONHeader((Packet *)p, 1); //TODO const
+ json_t *js = CreateJSONHeader((Packet *)p, 1, "http"); //TODO const
 if (unlikely(js == NULL))
 return TM_ECODE_OK;
diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index fa23129994..ce79d0fa85 100644
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -131,7 +131,7 @@ static int JsonTlsLogger(ThreadVars *tv, void *thread_data, const Packet *p) {
 if (ssl_state->server_connp.cert0_issuerdn == NULL ||
 ssl_state->server_connp.cert0_subject == NULL)
 goto end;
- json_t *js = CreateJSONHeader((Packet *)p, 0);//TODO
+ json_t *js = CreateJSONHeader((Packet *)p, 0, "tls");//TODO
 if (unlikely(js == NULL))
 goto end;
diff --git a/src/output-json.c b/src/output-json.c
index 55647e2694..0483d668b1 100644
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -148,7 +148,7 @@ static enum JsonOutput json_out = ALERT_FILE;
 static enum JsonFormat format = COMPACT;
-json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
+json_t *CreateJSONHeader(Packet *p, int direction_sensitive, char *event_type)
 {
 char timebuf[64];
 char srcip[46], dstip[46];
@@ -215,6 +215,10 @@ json_t *CreateJSONHeader(Packet *p, int direction_sensitive)
 json_object_set_new(js, "pcap_cnt", json_integer(p->pcap_cnt));
 }
+ if (event_type) {
+ json_object_set_new(js, "event_type", json_string(event_type));
+ }
+
 /* vlan */
 if (p->vlan_idx > 0) {
 json_t *js_vlan;
diff --git a/src/output-json.h b/src/output-json.h
index 16c55c0f73..dda4e82020 100644
--- a/src/output-json.h
+++ b/src/output-json.h
@@ -31,7 +31,7 @@ void TmModuleOutputJsonRegister (void);
 #include "suricata-common.h"
 #include "util-buffer.h"
-json_t *CreateJSONHeader(Packet *p, int direction_sensative);
+json_t *CreateJSONHeader(Packet *p, int direction_sensative, char *event_type);
 TmEcode OutputJSON(json_t *js, void *data, uint64_t *count);
 int OutputJSONBuffer(json_t *js, LogFileCtx *file_ctx, MemBuffer *buffer);
 OutputCtx *OutputJsonInitCtx(ConfNode *);
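Review bot: `event_type` should be declared `const char *` rather than `char *` in the new `CreateJSONHeader` signature: every caller in this patch (the alert, dns, drop, file, http and tls hunks) passes a string literal, and the only use added in the next hunk is a read through `json_string`, which accepts a const pointer. Taking a writable pointer to a literal invites a later write into read-only storage and forces a cast on any caller holding a const string. Change the definition to `json_t *CreateJSONHeader(Packet *p, int direction_sensitive, const char *event_type)` and update the prototype in output-json.h to match. The body of CreateJSONHeader continues outside the hunk.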
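Review bot: The new `if (event_type)` guard makes the key optional, but nothing says so; a record from a caller that passes NULL simply lacks `event_type`, which is the one field the commit message says analysis tools should use to tell events apart. A one-line comment on the guard would make that contract visible to the next caller, e.g. `/* event_type is optional: a NULL argument leaves the key out of the record */`. The return value of `json_object_set_new` is not checked, so a failed `json_string` allocation would also drop the key silently; that matches the adjacent `pcap_cnt` line and so is pre-existing style rather than a regression, but it is worth keeping in mind when a record turns up without the field.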
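Review bot: The prototype keeps the parameter spelling `direction_sensative` while the definition in output-json.c uses `direction_sensitive`; since this line is rewritten anyway, aligning the name and adding `const` to `event_type` would keep header and definition in step, i.e. `json_t *CreateJSONHeader(Packet *p, int direction_sensitive, const char *event_type);`. The declaration also carries no comment for the new argument; a short Doxygen block above it stating that `event_type` is the value written under the record's `event_type` key and that NULL omits the key (the behaviour of the guard added in output-json.c) would tell callers what the parameter does without reading the definition.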