Project

General

Profile

Actions

Bug #1324

closed

vlan tag in eve.json

Added by Peter Manev almost 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Using Suricata 2.1beta2 - when VLAN tags are present in the traffic - eve.json writes an

event_type:"alert" 

with vlan id but
event_type:"http" 

does not reflect the vlan id at all. The VLAN tag is written only once in the eve.json output instead of once per every event_type present with VLAN ID.

pcap/rule pair privately shared.


Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2057: eve.json flow logs do not contain in_ifaceClosedCommunity TicketActions
Actions #1

Updated by Andreas Herz almost 9 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Victor Julien almost 9 years ago

Probably related to flow/stream end pseudo packets.

Actions #3

Updated by Victor Julien over 5 years ago

  • Related to Bug #2057: eve.json flow logs do not contain in_iface added
Actions #4

Updated by Victor Julien over 5 years ago

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Community Ticket
  • Target version changed from TBD to 5.0beta1

This should have been fixed while addressing #2057.

Actions

Also available in: Atom PDF