Project

General

Profile

Actions
Copy link

Bug #1324

closed
PM CT

vlan tag in eve.json

Bug #1324: vlan tag in eve.json

Added by Peter Manev over 11 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Community Ticket
Target version:
5.0beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Using Suricata 2.1beta2 - when VLAN tags are present in the traffic - eve.json writes an 

event_type:"alert"

with vlan id but 
event_type:"http"

does not reflect the vlan id at all. The VLAN tag is written only once in the eve.json output instead of once per every event_type present with VLAN ID.

pcap/rule pair privately shared.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2057: eve.json flow logs do not contain in_ifaceClosedCommunity TicketActions

AH Updated by Andreas Herz about 10 years ago Actions
Copy link
 #1

  • Assignee set to OISF Dev
  • Target version set to TBD

VJ Updated by Victor Julien about 10 years ago Actions
Copy link
 #2

Probably related to flow/stream end pseudo packets.

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #3

  • Related to Bug #2057: eve.json flow logs do not contain in_iface added

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
 #4

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Community Ticket
  • Target version changed from TBD to 5.0beta1

This should have been fixed while addressing #2057.

Actions
Copy link

Also available in: PDF Atom