Feature #154: Implement alert-debug logging for IPV6 as well. - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #154

closed

Implement alert-debug logging for IPV6 as well.

Added by Will Metcalf almost 14 years ago. Updated almost 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Gurvinder Singh

Target version:

1.0.0

Effort:

Difficulty:

Label:

Description

Currently if we get an IPV6 alert we just display the alert-fast format in alert-debug.log

from alert-debuglog.c
TmEcode AlertDebugLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
if (PKT_IS_IPV4(p)) {
return AlertDebugLogIPv4(tv, p, data, pq);
} else if (PKT_IS_IPV6(p)) {
return AlertDebugLogIPv6(tv, p, data, pq);
} {
...........
fprintf(aft->file_ctx->fp, "%s [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] s [**] [Classification: fixme] [Priority: %" PRIu32 "] {" PRIu32 "} s:" PRIu32 " > s:" PRIu32 "\n",
timebuf, pa>gid, pa->sid, pa->rev, pa->msg, pa->prio, IPV6_GET_L4PROTO(p), srcip, p->sp, dstip, p->dp);
.............
}

return TM_ECODE_OK;
}
................
TmEcode AlertDebugLogIPv6(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #154

Implement alert-debug logging for IPV6 as well.

Updated by Victor Julien almost 14 years ago

Updated by Victor Julien almost 14 years ago

Updated by Victor Julien almost 14 years ago

Updated by Victor Julien almost 14 years ago