diff --git a/src/output-json.c b/src/output-json.c index 00d99fc6972c..e25ee516fbe6 100644 --- a/src/output-json.c +++ b/src/output-json.c @@ -581,8 +581,10 @@ void JsonAddrInfoInit(const Packet *p, enum OutputJsonLogDirection dir, JsonAddr case IPPROTO_SCTP: addr->sp = sp; addr->dp = dp; + addr->log_port = true; break; default: + addr->log_port = false; break; } @@ -880,11 +882,21 @@ JsonBuilder *CreateEveHeader(const Packet *p, enum OutputJsonLogDirection dir, JsonAddrInfoInit(p, dir, &addr_info); addr = &addr_info; } - jb_set_string(js, "src_ip", addr->src_ip); - jb_set_uint(js, "src_port", addr->sp); - jb_set_string(js, "dest_ip", addr->dst_ip); - jb_set_uint(js, "dest_port", addr->dp); - jb_set_string(js, "proto", addr->proto); + if (addr->src_ip[0] != '\0') { + jb_set_string(js, "src_ip", addr->src_ip); + } + if (addr->log_port) { + jb_set_uint(js, "src_port", addr->sp); + } + if (addr->dst_ip[0] != '\0') { + jb_set_string(js, "dest_ip", addr->dst_ip); + } + if (addr->log_port) { + jb_set_uint(js, "dest_port", addr->dp); + } + if (addr->proto[0] != '\0') { + jb_set_string(js, "proto", addr->proto); + } /* icmp */ switch (p->proto) { diff --git a/src/output-json.h b/src/output-json.h index dca6e88e700a..9bc448cbe6ca 100644 --- a/src/output-json.h +++ b/src/output-json.h @@ -52,6 +52,8 @@ typedef struct JsonAddrInfo_ { Port sp; Port dp; char proto[JSON_PROTO_LEN]; + // Ports are logged only when provided by the transport protocol. + bool log_port; } JsonAddrInfo; extern const JsonAddrInfo json_addr_info_zero;