aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

eve/netflow: only log response record if we've seen response pkts

Browse Source
pull/3335/head
Victor Julien 7 years ago
parent c662383b53
commit 8c75a022ea
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File

28
src/output-json-netflow.c
Unescape Escape View File

@ -321,20 +321,22 @@ static int JsonNetFlowLogger(ThreadVars *tv, void *thread_data, Flow *f)
json_object_clear(js);
json_decref(js);
/* reset */
MemBufferReset(jhl->buffer);
js = CreateJSONHeaderFromFlow(f, "netflow", 1);
if (unlikely(js == NULL))
return TM_ECODE_OK;
JsonNetFlowLogJSONToClient(jhl, js, f);
if (netflow_ctx->include_metadata) {
JsonAddMetadata(NULL, f, js);
/* only log a response record if we actually have seen response packets */
if (f->tosrcpktcnt) {
/* reset */
MemBufferReset(jhl->buffer);
js = CreateJSONHeaderFromFlow(f, "netflow", 1);
if (unlikely(js == NULL))
return TM_ECODE_OK;
JsonNetFlowLogJSONToClient(jhl, js, f);
if (netflow_ctx->include_metadata) {
JsonAddMetadata(NULL, f, js);
}
OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
json_object_del(js, "netflow");
json_object_clear(js);
json_decref(js);
}
OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, &jhl->buffer);
json_object_del(js, "netflow");
json_object_clear(js);
json_decref(js);
SCReturnInt(TM_ECODE_OK);
}

Write Preview
Loading…
Cancel
Save