Project

General

Profile

Actions
Copy link

Bug #1324

closed

vlan tag in eve.json

Added by Peter Manev over 9 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Community Ticket
Target version:
5.0beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Using Suricata 2.1beta2 - when VLAN tags are present in the traffic - eve.json writes an 

event_type:"alert"

with vlan id but 
event_type:"http"

does not reflect the vlan id at all. The VLAN tag is written only once in the eve.json output instead of once per every event_type present with VLAN ID.

pcap/rule pair privately shared.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2057: eve.json flow logs do not contain in_ifaceClosedCommunity TicketActions
Actions
Copy link
 #1

Updated by Andreas Herz about 8 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Victor Julien about 8 years ago

Probably related to flow/stream end pseudo packets.

Actions
Copy link
 #3

Updated by Victor Julien about 5 years ago

  • Related to Bug #2057: eve.json flow logs do not contain in_iface added
Actions
Copy link
 #4

Updated by Victor Julien almost 5 years ago

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Community Ticket
  • Target version changed from TBD to 5.0beta1

This should have been fixed while addressing #2057.

Actions
Copy link

Also available in: Atom PDF