Project

General

Profile

Actions

Bug #2204

closed

Suricata 3.2 not record some alert's xffip

Added by yg lu over 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

I check alerts found some alerts havn't xffip , but the alert-debug.log file contains xffip
please check the pics down below .
thank you !


Files

ids_alert1.png (130 KB) ids_alert1.png yg lu, 08/24/2017 03:59 AM
ids_debug01.png (182 KB) ids_debug01.png yg lu, 08/24/2017 03:59 AM
ids_debug02.png (223 KB) ids_debug02.png yg lu, 08/24/2017 03:59 AM
Actions #1

Updated by Peter Manev over 6 years ago

Have you enabled the proper configuration under -
https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L185

Can you please confirm if you are having the issue with 4.0.0 ?
Also if you can share a reproducible pcap would be great!

Actions #2

Updated by yg lu over 6 years ago

Peter Manev wrote:

Have you enabled the proper configuration under -
https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L185

Can you please confirm if you are having the issue with 4.0.0 ?
Also if you can share a reproducible pcap would be great!

my config is ok, because there are only several alerts no xffip
tomorrow i will try 4.00 thank you

Actions #3

Updated by Andreas Herz over 6 years ago

  • Assignee set to Anonymous
  • Target version set to Support
Actions #4

Updated by Andreas Herz over 5 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions

Also available in: Atom PDF