Feature #904 (closed): store tx id when generating an alert
Description
The output modules currently have no way of knowing which TX generated an alert. The detection engine has this information available, but the outputs cannot access it.
It's probably enough to add a tx_id field to the PacketAlert struct, plus a flag in its flag field to indicate that the TX id field is used. The outputs can then use this info.
A use case is this XFF patch: https://github.com/inliniac/suricata/pull/241/files#pullrequestreviewcomment-3095686. It retrieves the XFF field from the TX, but this needs to be the XFF field from the correct TX, not just whichever TX happens to be current on the flow.
When implemented, please also add the TX id to the output of alert-debug.log.
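The following is an added illustration of the design this ticket proposes, not code from Suricata or from the linked pull request. It assumes a minimal PacketAlert with a flags byte and a tx_id field, a flag value named PACKET_ALERT_FLAG_TX, and a constructed per-flow TX table standing in for the real transaction list. The point it shows is the two halves of the contract: the detection side sets tx_id together with the flag, and the output side never reads tx_id unless the flag is set, so an alert that is not tied to a transaction cannot be matched to the wrong XFF value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed flag value: set in PacketAlert.flags when tx_id is meaningful. */
#define PACKET_ALERT_FLAG_TX 0x04

/* Minimal stand-in for the PacketAlert struct discussed in the ticket. */
typedef struct PacketAlert_ {
    uint32_t sid;     /* signature id that fired */
    uint8_t  flags;   /* bit set for optional fields such as tx_id */
    uint64_t tx_id;   /* only valid when PACKET_ALERT_FLAG_TX is set */
} PacketAlert;

/* Detection engine side: record which transaction produced the alert.
 * Setting the field and the flag together is what makes the field trustworthy. */
void PacketAlertSetTx(PacketAlert *pa, uint64_t tx_id)
{
    pa->tx_id = tx_id;
    pa->flags |= PACKET_ALERT_FLAG_TX;
}

/* Output side: returns 1 and fills *tx_id if the alert is tied to a TX,
 * 0 if it is not (e.g. a packet-level rule with no app-layer transaction). */
int PacketAlertGetTx(const PacketAlert *pa, uint64_t *tx_id)
{
    if (!(pa->flags & PACKET_ALERT_FLAG_TX))
        return 0;
    *tx_id = pa->tx_id;
    return 1;
}

/* Constructed stand-in for the per-flow transaction list an output would
 * consult; in a real flow each TX carries its own parsed X-Forwarded-For. */
typedef struct TxRecord_ {
    uint64_t    tx_id;
    const char *xff;
} TxRecord;

static const TxRecord kTxs[] = {
    { 5, "203.0.113.5" },
    { 6, "203.0.113.6" },
    { 7, "203.0.113.7" },
};

/* Look up the XFF value of exactly the TX the alert came from; NULL if unknown. */
const char *LookupXffForTx(uint64_t tx_id)
{
    for (size_t i = 0; i < sizeof(kTxs) / sizeof(kTxs[0]); i++) {
        if (kTxs[i].tx_id == tx_id)
            return kTxs[i].xff;
    }
    return NULL;
}

/* Build an alert-debug style line; the TX ID part appears only when known. */
int FormatAlertDebugLine(const PacketAlert *pa, char *buf, size_t len)
{
    uint64_t tx_id;
    if (PacketAlertGetTx(pa, &tx_id)) {
        return snprintf(buf, len, "ALERT SID: %u TX ID: %llu",
                        pa->sid, (unsigned long long)tx_id);
    }
    return snprintf(buf, len, "ALERT SID: %u", pa->sid);
}

/* Constructed demonstration: one alert before and after it is tied to TX 7. */
int main(void)
{
    PacketAlert pa;
    memset(&pa, 0, sizeof(pa));
    pa.sid = 2001;

    char line[128];
    FormatAlertDebugLine(&pa, line, sizeof(line));
    puts(line);                         /* no TX: output must not guess an XFF */

    PacketAlertSetTx(&pa, 7);
    FormatAlertDebugLine(&pa, line, sizeof(line));
    puts(line);

    uint64_t tx_id;
    if (PacketAlertGetTx(&pa, &tx_id))
        printf("XFF for TX %llu: %s\n", (unsigned long long)tx_id, LookupXffForTx(tx_id));
    return 0;
}
```

The flag rather than a sentinel value (such as tx_id 0) is what lets outputs distinguish "no transaction" from "transaction 0", which matters for the XFF use case: an output that falls back to the most recent TX on the flow when the id is absent would log the wrong client address for pipelined requests.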