Feature #2011: eve.alert: print outside IP addresses on alerts on traffic inside tunnels - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2011

closed

eve.alert: print outside IP addresses on alerts on traffic inside tunnels

Added by Mats Klepsland over 7 years ago. Updated about 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Mats Klepsland

Target version:

4.0beta1

Effort:

Difficulty:

Label:

Description

When an alert triggers on a GRE tunnel (or another tunnel supported by Suricata), we only log the IP addresses inside the tunnel in EVE-log. It would be useful to also log the IP addresses outside the tunnel and the tunnel protocol.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2011

eve.alert: print outside IP addresses on alerts on traffic inside tunnels

Updated by Victor Julien about 7 years ago

Updated by Mats Klepsland about 7 years ago

Updated by Victor Julien about 7 years ago