Suricata

For all cases, be rule 'alert' or rule 'drop' or rule 'reject'
The field action, in 'eve log' is ever 'allowed'.

---

{"timestamp":"2014-04-10T10:02:39.874459",*"event_type":"alert"*,"src_ip":"177.207.216.168","src_port":6030,"dest_ip":"192.168.10.224","dest_port":80,"proto":"TCP","alert":{*"action":"allowed"*++,"gid":1,"signature_id":2005541,"rev":5,"signature":"ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code UPDATE","category":"Web Application Attack","severity":1}} {"timestamp":"2014-04-10T10:02:39.874459",*"event_type":"alert"*,"src_ip":"177.207.216.168","src_port":6030,"dest_ip":"192.168.10.224","dest_port":80,"proto":"TCP","alert":{*"action":"allowed"*++,"gid":1,"signature_id":2005541,"rev":5,"signature":"ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code UPDATE","category":"Web Application Attack","severity":1}} {"timestamp":"2014-04-10T10:02:39.874459",*"event_type":"alert"*,"src_ip":"177.207.216.168","src_port":6030,"dest_ip":"192.168.10.224","dest_port":80,"proto":"TCP","alert":{*"action":"allowed"*++,"gid":1,"signature_id":2006614,"rev":6,"signature":"ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D UPDATE","category":"Web Application Attack","severity":1}}
-------------------------------------------------------

Fixing this problem:
-------------------------------------------------------
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 55c51dd..3d2a767 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@ -62,7 +62,7 @

#ifdef HAVE_LIBJANSSON

-extern int engine_mode;
+extern uint8_t engine_mode;

typedef struct JsonAlertLogThread_ {
     /** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
-------------------------------------------------------