Support #1869
closed
Added by gv oleg over 7 years ago.
Updated over 7 years ago.
Description
Hello, what is the status of the 'tag' rule option? Can it be used? Maybe in master?
My latest Suricata version (3.0.1) doesn't support it. Does the latest 3.1.1 support it?
I very much need the ability to alert on some number of packets after a given rule has alerted.
Thanks!
The tag option should be supported, as in it should not error out. However, logging of tagged packets was broken in unified2 (the only output that currently supports tagging).
Or did you mean something else by not supported?
- Tracker changed from Feature to Support
Yes, I've checked that this option (tag) is correctly parsed, but the unified2 binary log doesn't contain tagged packets.
So, how long is the wait for a fix? A month or half a year, for example? Maybe some rough time prognosis exists for fixing unified2 logging of tagged packets?
It's important for me to know whether to start learning the code and try to correct it on my own, or to wait for your fix.
- Status changed from New to Closed
OK, you'll want to check out the git master version of Suricata; it fixes tagging for unified2 alerts. It will also be in the next patch release, which shouldn't be too far away.