Feature #2011

eve.alert: print outside IP addresses on alerts on traffic inside tunnels

Added by Mats Klepsland almost 8 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal

Description

When an alert triggers on a GRE tunnel (or another tunnel supported by Suricata), we only log the IP addresses inside the tunnel in EVE-log. It would be useful to also log the IP addresses outside the tunnel and the tunnel protocol.
