feat(inputs.suricata): Add ability to parse drop or rejected

fixes: influxdata#13032
powersj · Apr 6, 2023 · a675373 · a675373
1 parent 35edd18
commit a675373
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/plugins/inputs/suricata/suricata.go b/plugins/inputs/suricata/suricata.go
@@ -230,17 +230,23 @@ func (s *Suricata) parse(acc telegraf.Accumulator, sjson []byte) error {
 	if err != nil {
 		return err
 	}
-	// check for presence of relevant stats or alert
+	// check for presence of relevant stats or alert or drop or reject
 	_, ok := result["stats"]
 	_, ok2 := result["alert"]
-	if !ok && !ok2 {
-		s.Log.Debugf("Invalid input without 'stats' or 'alert' object: %v", result)
-		return fmt.Errorf("input does not contain 'stats' or 'alert' object")
+	_, ok3 := result["drop"]
+	_, ok4 := result["reject"]
+	if !ok && !ok2 && !ok3 && !ok4 {
+		s.Log.Debugf("Invalid input without 'stats' or 'alert' or 'drop' or 'reject' object: %v", result)
+		return fmt.Errorf("input does not contain 'stats' or 'alert' or 'drop' or 'reject' object")
 	}
 	if ok {
 		s.parseStats(acc, result)
 	} else if ok2 && s.Alerts {
 		s.parseAlert(acc, result)
+	} else if ok3 && s.Alerts {
+		s.parseAlert(acc, result)
+	} else if ok4 && s.Alerts {
+		s.parseAlert(acc, result)
 	}
 	return nil
 }