Feature #2282
closed
Added by Victor Julien over 6 years ago.
Updated almost 5 years ago.
Description
Suricata sets internal events on packet/engine/applayer errors. These can be matched on the rule language and are also counters.
The request here is to mimic Bro's 'weird.log' that logs such events.
Related issues
2 (2 open — 0 closed)
- Assignee set to OISF Dev
- Target version set to TBD
- Related to Task #2309: SuriCon 2017 brainstorm added
- Effort set to medium
- Difficulty set to low
This would involve creating a new eve packet logger that is invoked if a packet has events set. It can then loop the events and log out each of them.
- Priority changed from Normal to High
- Related to Task #2685: SuriCon 2018 brainstorm added
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jeff Lucovsky
- Priority changed from High to Normal
- Target version changed from TBD to 5.0beta1
The goal is not to add Bro weird log compatibility, but more a similar facility that is inspired by it. We want to log all the events Suricata sets when it finds anomalies in traffic.
- Target version changed from 5.0beta1 to 5.0rc1
- Status changed from Assigned to Closed
- Target version changed from 5.0rc1 to 5.0beta1
- Effort deleted (
medium)
- Difficulty deleted (
low)
Also available in: Atom
PDF