Project

General

Profile

Actions
Copy link

Bug #1602

closed

eve-log prefix field feature broken

Added by Zach Rasmor over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
3.0RC2
Affected Versions:
Effort:
Difficulty:
Label:

Description

The eve-log prefix field is ignored. This was added as a feature in this release, but was undone by a later PR.

History:
Bug 1204 (https://redmine.openinfosecfoundation.org/issues/1454) added the prefix field and was fixed in PR 1532 (Merged through PR 1540)

In this commit, the prefix logic is not moved to the the newly created function: util-logopenfile.c:LogFileWrite
https://github.com/inliniac/suricata/commit/a13be67b5e6c26c53149b88f9565c58f7fbe3381
(Merged through 1712)

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #1454: Proposal to add Lumberjack/CEE formatting option to EVE JSON syslog output for compatibility with rsyslog parsingClosedZach Rasmor04/20/2015Actions
Actions
Copy link
 #1

Updated by Zach Rasmor over 8 years ago

Correction: it was Feature 1454 that added the prefix field (link is correct, text is incorrect)

Actions
Copy link
 #2

Updated by Zach Rasmor over 8 years ago

  • Related to Feature #1454: Proposal to add Lumberjack/CEE formatting option to EVE JSON syslog output for compatibility with rsyslog parsing added
Actions
Copy link
 #3

Updated by Victor Julien over 8 years ago

This should be restored through Eric's https://github.com/inliniac/suricata/pull/1757 (now also in master), can you confirm?

Actions
Copy link
 #4

Updated by Zach Rasmor over 8 years ago

Confirmed. Thanks a lot!

Actions
Copy link
 #5

Updated by Victor Julien over 8 years ago

  • Subject changed from eve-log prefix field feature ignored (undone by PR 1712) to eve-log prefix field feature broken
  • Status changed from New to Closed
  • Assignee set to Eric Leblond
  • Target version set to 3.0RC2
Actions
Copy link

Also available in: Atom PDF