From 85335d9cbeb101dac74e3ef8fb3a576f06803b2b Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 29 Jan 2014 19:42:46 +0100
Subject: [PATCH] alert json: make child of eve-log

Enable alert json for eve-log by registering the module as a sub-
module of eve-log.
---
 src/output-json-alert.c | 21 +++++++++++++++++++++
 src/output-json.c | 5 -----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index c09d211614..0221567c41 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -296,6 +296,25 @@ static OutputCtx *JsonAlertLogInitCtx(ConfNode *conf)
 return output_ctx;
 }
 
+/**
+ * \brief Create a new LogFileCtx for "fast" output style.
+ * \param conf The configuration node for this output.
+ * \return A LogFileCtx pointer on success, NULL on failure.
+ */
+static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
+{
+ AlertJsonThread *ajt = parent_ctx->data;
+
+ OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
+ if (unlikely(output_ctx == NULL))
+ return NULL;
+
+ output_ctx->data = ajt->file_ctx;
+ output_ctx->DeInit = JsonAlertLogDeInitCtx;
+
+ return output_ctx;
+}
+
 void TmModuleJsonAlertLogRegister (void) {
 tmm_modules[TMM_JSONALERTLOG].name = MODULE_NAME;
 tmm_modules[TMM_JSONALERTLOG].ThreadInit = JsonAlertLogThreadInit;
@@ -304,6 +323,8 @@ void TmModuleJsonAlertLogRegister (void) {
 
 OutputRegisterPacketModule(MODULE_NAME, "alert-json-log",
 JsonAlertLogInitCtx, JsonAlertLogger, JsonAlertLogCondition);
+ OutputRegisterPacketSubModule("eve-log", MODULE_NAME, "alert",
+ JsonAlertLogInitCtxSub, JsonAlertLogger, JsonAlertLogCondition);
 }
 
 #else
diff --git a/src/output-json.c b/src/output-json.c
index 957992f27f..9a65b89f50 100644
--- a/src/output-json.c
+++ b/src/output-json.c
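Review bot: In `JsonAlertLogInitCtxSub` (first hunk of src/output-json-alert.c) the sub-module context borrows the parent's `file_ctx` as `output_ctx->data` but installs the standalone module's `JsonAlertLogDeInitCtx` as its `DeInit`. That function is defined outside this hunk; if it releases the `LogFileCtx` held in `data`, as a standalone teardown presumably does, the eve-log parent and the alert sub-module would both free the same object at shutdown, which is a double free or use-after-free. A sub-module-specific DeInit that releases only the `OutputCtx` wrapper keeps ownership of the log file with the parent, as sketched below. Separately, `parent_ctx->data` is read as an `AlertJsonThread *` without a NULL check, and the type the eve-log parent actually stores there is not visible in this patch, so the cast should be confirmed. The copied doc comment also still describes a "fast" `LogFileCtx` return and omits `parent_ctx`.

```c
/* Sub-module teardown: the LogFileCtx is owned by the eve-log parent,
 * so only the wrapper allocated in JsonAlertLogInitCtxSub is freed. */
static void JsonAlertLogDeInitCtxSub(OutputCtx *output_ctx)
{
    SCFree(output_ctx);
}

static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    /* … unchanged: parent data lookup and SCCalloc of output_ctx … */
    output_ctx->data = ajt->file_ctx;
    output_ctx->DeInit = JsonAlertLogDeInitCtxSub;
    /* … unchanged: return output_ctx … */
}
```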
@@ -535,11 +535,6 @@ OutputCtx *OutputJsonInitCtx(ConfNode *conf)
 * registration capability
 */
 TAILQ_FOREACH(output, &outputs->head, next) {
- if (strcmp(output->val, "alert") == 0) {
- SCLogDebug("Enabling alert output");
- output_flags |= OUTPUT_ALERTS;
- continue;
- }
 if (strcmp(output->val, "drop") == 0) {
 SCLogDebug("Enabling drop output");
 output_flags |= OUTPUT_DROP;