Project

General

Profile

Actions
Copy link

Bug #1855

closed

alert number output

Added by Peter Manev over 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.0rc2
Affected Versions:
Effort:
Difficulty:
Label:
Actions
Copy link
 #1

Updated by Peter Manev over 7 years ago

  • Subject changed from alert number output. to alert number output

When using suricata 3.0.1 - if you want to do a fast check on a pcap you could simply run Suricata - 

....
29/7/2016 -- 00:46:50 - <Notice> - Signal Received.  Stopping engine.
29/7/2016 -- 00:46:50 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
29/7/2016 -- 00:46:50 - <Info> - preallocated 1024 packets. Total memory 3606528
29/7/2016 -- 00:46:50 - <Info> - time elapsed 0.882s
29/7/2016 -- 00:46:50 - <Info> - 1 flows processed
29/7/2016 -- 00:46:50 - <Notice> - Pcap-file module read 127 packets, 1072968 bytes
29/7/2016 -- 00:46:50 - <Info> - Stream TCP processed 127 TCP packets
29/7/2016 -- 00:46:50 - <Info> - Fast log output wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - Alert unified2 module wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - HTTP logger logged 2 requests

and you can see how many alerts/http requests the run generated.

It seems this is missing in 3.1.1 and necessitates an additional validation check through the logs to confirm alerting etc.

Actions
Copy link
 #2

Updated by Andreas Herz over 7 years ago

  • Assignee set to OISF Dev
  • Target version set to 70
Actions
Copy link
 #3

Updated by Victor Julien almost 7 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from 70 to 4.0rc2
Actions
Copy link
 #4

Updated by Victor Julien almost 7 years ago

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: Atom PDF