Bug #2204

closed

Suricata 3.2 does not record some alerts' xffip

Added by yg lu over 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

I checked the alerts and found that some alerts don't have xffip, but the alert-debug.log file contains xffip.
Please check the pics below.
Thank you!


Files

ids_alert1.png (130 KB), yg lu, 08/24/2017 03:59 AM
ids_debug01.png (182 KB), yg lu, 08/24/2017 03:59 AM
ids_debug02.png (223 KB), yg lu, 08/24/2017 03:59 AM

Actions #1

Updated by Peter Manev over 6 years ago

Have you enabled the proper configuration under -
https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L185

Can you please confirm if you are having the issue with 4.0.0?
Also, if you can share a reproducible pcap, that would be great!

Actions #2

Updated by yg lu over 6 years ago

Peter Manev wrote:

> Have you enabled the proper configuration under -
> https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L185
>
> Can you please confirm if you are having the issue with 4.0.0?
> Also, if you can share a reproducible pcap, that would be great!

My config is OK, because only several alerts have no xffip.
Tomorrow I will try 4.00, thank you.

Actions #3

Updated by Andreas Herz over 6 years ago

  • Assignee set to Anonymous
  • Target version set to Support
Actions #4

Updated by Andreas Herz almost 6 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
