Project

General

Profile

Actions
Copy link

Feature #2011

closed

eve.alert: print outside IP addresses on alerts on traffic inside tunnels

Added by Mats Klepsland almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Mats Klepsland
Target version:
4.0beta1
Effort:
Difficulty:
Label:

Description

When an alert triggers on a GRE tunnel (or another tunnel supported by Suricata), we only log the IP addresses inside the tunnel in EVE-log. It would be useful to also log the IP addresses outside the tunnel and the tunnel protocol.

Actions
Copy link
 #1

Updated by Victor Julien almost 8 years ago

  • Subject changed from output-json-alert: print outside IP addresses on alerts on traffic inside tunnels to eve.alert: print outside IP addresses on alerts on traffic inside tunnels
  • Status changed from New to Assigned
  • Target version set to 70
Actions
Copy link
 #3

Updated by Victor Julien over 7 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.0beta1
Actions
Copy link

Also available in: Atom PDF