From a0065f4368b0920b85fc8391ca68634a6ee80219 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Fri, 16 Apr 2021 23:21:49 +0200
Subject: [PATCH] eve/alert: add direction field to log data way

Add a key in the event to specify if the data that did trigger the alert are in to_client or to_server direction.
---
 src/output-json-alert.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 9953daa4bb..cab6518671 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -719,6 +719,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 }
 EveAddAppProto(p->flow, jb);
+
+ if (p->flowflags & FLOW_PKT_TOSERVER) {
+ jb_set_string(jb, "direction", "to_server");
+ } else {
+ jb_set_string(jb, "direction", "to_client");
+ }
+
 if (json_output_ctx->flags & LOG_JSON_FLOW) {
 jb_open_object(jb, "flow");
 EveAddFlow(p->flow, jb);
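Review bot: The `else` branch reports `to_client` for every packet whose `flowflags` lacks `FLOW_PKT_TOSERVER`, including one where neither direction bit is set, so the event can state a direction that was never established. Testing the second bit explicitly, `} else if (p->flowflags & FLOW_PKT_TOCLIENT) {`, and omitting the key otherwise would keep the field reliable for analysts who triage on it. The value is also the direction of the logged packet `p`; whether that always equals the direction of the data that matched, as the commit message says, is not visible here, so a short comment stating which of the two is meant would help. AlertJson's body starts and ends outside the hunk, so any guard on `p->flow` around these lines cannot be confirmed from this view.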