Project

General

Profile

Actions
Copy link

Bug #1855

closed
PM VJ

alert number output

Bug #1855: alert number output

Added by Peter Manev almost 10 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.0rc2
Affected Versions:
Effort:
Difficulty:
Label:

PM Updated by Peter Manev almost 10 years ago Actions
Copy link
 #1

  • Subject changed from alert number output. to alert number output

When using suricata 3.0.1 - if you want to do a fast check on a pcap you could simply run Suricata - 

....
29/7/2016 -- 00:46:50 - <Notice> - Signal Received.  Stopping engine.
29/7/2016 -- 00:46:50 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
29/7/2016 -- 00:46:50 - <Info> - preallocated 1024 packets. Total memory 3606528
29/7/2016 -- 00:46:50 - <Info> - time elapsed 0.882s
29/7/2016 -- 00:46:50 - <Info> - 1 flows processed
29/7/2016 -- 00:46:50 - <Notice> - Pcap-file module read 127 packets, 1072968 bytes
29/7/2016 -- 00:46:50 - <Info> - Stream TCP processed 127 TCP packets
29/7/2016 -- 00:46:50 - <Info> - Fast log output wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - Alert unified2 module wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - HTTP logger logged 2 requests

and you can see how many alerts/http requests the run generated.

It seems this is missing in 3.1.1 and necessitates an additional validation check through the logs to confirm alerting etc.

AH Updated by Andreas Herz over 9 years ago Actions
Copy link
 #2

  • Assignee set to OISF Dev
  • Target version set to 70

VJ Updated by Victor Julien almost 9 years ago Actions
Copy link
 #3

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from 70 to 4.0rc2

VJ Updated by Victor Julien almost 9 years ago Actions
Copy link
 #4

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: PDF Atom