Actions
Bug #2091
opennonexistent/misspelled custom fields accepted during parsing of suricata.yaml
Affected Versions:
Effort:
Difficulty:
Label:
Beginner, C, Good First Issue
Description
This is Suricata version 4.0dev (rev 9ff8882)
If there is misspelled or nonexistent custom field in eve.json's section Suricata would not error out/warn on start - example:
- http:
custom: [accept, accept-charset, accept-encoding, accept-language,
proxy-authenticate, referrer, refresh, retry-after, server,
set-cookie, trailer, transfer-encoding, upgrade, vary, warning,
www-authenticate, mychemicalromance]
- smtp:
custom: [received, sensitivity, organization, content-md5, date, mychemicalromance]
Updated by Andreas Herz about 8 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Jason Ish about 6 years ago
Andreas Herz wrote:
But it doesn't hurt either right?
Doesn't hurt, but may improve user experience. Just in case you entered "receved" by accident and can't figure out why you are not seeing that in the output.
Updated by Peter Manev about 6 years ago
Also it may not err on a filed we don't parse or support yet and leave the user with the wrong impression that everything is ok and expecting to see those values.
Updated by Philippe Antoine 7 days ago
- Label Beginner, C, Good First Issue added
Updated by Philippe Antoine 7 days ago
- Related to Optimization #7189: http/conf: warn or error on invalid value in custom headers logging added
Updated by Philippe Antoine 6 days ago
- Related to Bug #4330: file hash parameter in yaml accepts non valid values added
Actions