Bug #2210
Closed
logging: SC_LOG_OP_FILTER still displays some lines not matching filter
Description
For example, SC_LOG_LEVEL=debug SC_LOG_OP_FILTER="suricata\.c" will still show some lines, in particular rule parse errors that don't appear to match the provided regular expression.
Rev: d363a165c151beb2fce2d3cf28de4ccc9c72f910
Updated by Andreas Herz about 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien about 5 years ago
Might be logs that are produced before the logging engine is completely initialized.
Updated by Philippe Antoine about 5 years ago
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine about 5 years ago
- Status changed from New to Closed
- Target version changed from TBD to 5.0rc1
This seems to be no longer the case with 5.0rc1
Without the filter, I get some logs like
[775] 1/10/2019 -- 08:42:52 - (detect-parse.c:835) <Error> (SigParseProto) -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)]
With the filter, I no longer get them, and only get the filtered log messages such as
[775] 1/10/2019 -- 08:43:22 - (suricata.c:2883) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.