Project

General

Profile

Actions

Bug #2210

closed

logging: SC_LOG_OP_FILTER still displays some lines not matching filter

Added by Jason Ish about 7 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

For example, SC_LOG_LEVEL=debug SC_LOG_OP_FILTER="suricata\.c" will still show some lines, in particular rule parse errors that don't appear to match the provided regular expression.

Rev: d363a165c151beb2fce2d3cf28de4ccc9c72f910

Actions #1

Updated by Andreas Herz about 7 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Andreas Herz over 5 years ago

Is this still an issue?

Actions #3

Updated by Victor Julien about 5 years ago

Might be logs that are produced before the logging engine is complete initialized.

Actions #4

Updated by Philippe Antoine about 5 years ago

  • Assignee changed from OISF Dev to Philippe Antoine
Actions #5

Updated by Philippe Antoine about 5 years ago

  • Status changed from New to Closed
  • Target version changed from TBD to 5.0rc1

This seems to be no longer the case with 5.0rc1

Without the filter, I get some logs like
[775] 1/10/2019 -- 08:42:52 - (detect-parse.c:835) <Error> (SigParseProto) -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)]

With the filter, I no linger get them, and only get the filtered log messages such as
[775] 1/10/2019 -- 08:43:22 - (suricata.c:2883) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.

Actions

Also available in: Atom PDF