Actions
Feature #2282
closedevent log aka weird.log
Effort:
Difficulty:
Label:
Description
Suricata sets internal events on packet/engine/applayer errors. These can be matched on the rule language and are also counters.
The request here is to mimic Bro's 'weird.log' that logs such events.
Updated by Andreas Herz over 6 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien over 6 years ago
- Related to Task #2309: SuriCon 2017 brainstorm added
Updated by Victor Julien over 5 years ago
- Effort set to medium
- Difficulty set to low
This would involve creating a new eve packet logger that is invoked if a packet has events set. It can then loop the events and log out each of them.
Updated by Victor Julien over 5 years ago
- Related to Task #2685: SuriCon 2018 brainstorm added
Updated by Victor Julien about 5 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jeff Lucovsky
- Priority changed from High to Normal
- Target version changed from TBD to 5.0beta1
Updated by Jeff Lucovsky about 5 years ago
Events in Bro's weird log: https://github.com/zeek/zeek/blob/release/2.6/scripts/base/frameworks/notice/weird.bro
Updated by Victor Julien about 5 years ago
The goal is not to add Bro weird log compatibility, but more a similar facility that is inspired by it. We want to log all the events Suricata sets when it finds anomalies in traffic.
Updated by Victor Julien almost 5 years ago
- Target version changed from 5.0beta1 to 5.0rc1
Updated by Victor Julien almost 5 years ago
- Status changed from Assigned to Closed
- Target version changed from 5.0rc1 to 5.0beta1
- Effort deleted (
medium) - Difficulty deleted (
low)
Actions