Feature #1830: support 'tag' in eve log - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1830

closed

support 'tag' in eve log

Added by Victor Julien almost 9 years ago. Updated over 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

3.1.2

Effort:

Difficulty:

Label:

Description

When using the tag keyword special tag records are being written out to unified2. This way more packets than just the one triggering the alert are logged.

Eve should support the same thing. Probably through the 'alert' record with a special sid/gid like in unified2.

History
Notes
Property changes

Updated by Victor Julien over 8 years ago

Status changed from Assigned to Closed
Target version changed from 70 to 3.1.2

Actions

Copy link

Also available in: Atom PDF

Project

General

Custom queries

Profile

Suricata

Feature #1830

support 'tag' in eve log

Updated by Jason Ish almost 9 years ago

Updated by Victor Julien over 8 years ago

Updated by Jason Ish over 8 years ago

Updated by Victor Julien over 8 years ago