eve/alert: add direction field to log data way

Add a key in the event to specify if the data that did trigger the alert are in to_client or to_server direction.
4 years ago · a0065f4368
parent f1300e68c9
commit a0065f4368
1 changed files with 7 additions and 0 deletions
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@ -719,6 +719,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
            }

            EveAddAppProto(p->flow, jb);
+
+            if (p->flowflags & FLOW_PKT_TOSERVER) {
+                jb_set_string(jb, "direction", "to_server");
+            } else {
+                jb_set_string(jb, "direction", "to_client");
+            }
+
            if (json_output_ctx->flags & LOG_JSON_FLOW) {
                jb_open_object(jb, "flow");
                EveAddFlow(p->flow, jb);