Feature #2282: event log aka weird.log - Suricata - Open Information Security Foundation

Custom queries

8.0.0 Stories
Good First Issues
OISF community
Open Doc tasks

Actions

Copy link

Feature #2282

closed

VJ JL

event log aka weird.log

Feature #2282: event log aka weird.log

Added by Victor Julien over 8 years ago. Updated almost 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

5.0beta1

Effort:

Difficulty:

Label:

Description

Suricata sets internal events on packet/engine/applayer errors. These can be matched on the rule language and are also counters.

The request here is to mimic Bro's 'weird.log' that logs such events.

Related issues 2 (2 open — 0 closed)

	Related to Suricata - Task #2309: SuriCon 2017 brainstorm	Assigned	Victor Julien	Actions
	Related to Suricata - Task #2685: SuriCon 2018 brainstorm	Assigned	Victor Julien	Actions

Issue # Delay: days Cancel Multiple values allowed (comma separated).

History
Notes
Property changes

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#1

Assignee set to OISF Dev
Target version set to TBD

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
#2

Related to Task #2309: SuriCon 2017 brainstorm added

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#3

Effort set to medium
Difficulty set to low

This would involve creating a new eve packet logger that is invoked if a packet has events set. It can then loop the events and log out each of them.

RH Updated by Raymond Hansen over 7 years ago Actions
Copy link
#4

Priority changed from Normal to High

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#5

Related to Task #2685: SuriCon 2018 brainstorm added

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
#6

Status changed from New to Assigned
Assignee changed from OISF Dev to Jeff Lucovsky
Priority changed from High to Normal
Target version changed from TBD to 5.0beta1

JL Updated by Jeff Lucovsky about 7 years ago Actions
Copy link
#7

Events in Bro's weird log: https://github.com/zeek/zeek/blob/release/2.6/scripts/base/frameworks/notice/weird.bro

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
#8

The goal is not to add Bro weird log compatibility, but more a similar facility that is inspired by it. We want to log all the events Suricata sets when it finds anomalies in traffic.

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
#9

Target version changed from 5.0beta1 to 5.0rc1

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
#10

Status changed from Assigned to Closed
Target version changed from 5.0rc1 to 5.0beta1
Effort deleted (~~medium~~)
Difficulty deleted (~~low~~)

https://github.com/OISF/suricata/pull/3819

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #2282

event log aka weird.log

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#3

RH Updated by Raymond Hansen over 7 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#5

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
#6

JL Updated by Jeff Lucovsky about 7 years ago Actions
Copy link
#7

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
#8

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
#9

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
#10

Project

General

Profile

Suricata

Custom queries

Feature #2282

event log aka weird.log

AH Updated by Andreas Herz over 8 years ago ActionsCopy link #1

VJ Updated by Victor Julien over 8 years ago ActionsCopy link #2

VJ Updated by Victor Julien over 7 years ago ActionsCopy link #3

RH Updated by Raymond Hansen over 7 years ago ActionsCopy link #4

VJ Updated by Victor Julien over 7 years ago ActionsCopy link #5

VJ Updated by Victor Julien about 7 years ago ActionsCopy link #6

JL Updated by Jeff Lucovsky about 7 years ago ActionsCopy link #7

VJ Updated by Victor Julien about 7 years ago ActionsCopy link #8

VJ Updated by Victor Julien almost 7 years ago ActionsCopy link #9

VJ Updated by Victor Julien almost 7 years ago ActionsCopy link #10

AH Updated by Andreas Herz over 8 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
#2

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#3

RH Updated by Raymond Hansen over 7 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#5

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
#6

JL Updated by Jeff Lucovsky about 7 years ago Actions
Copy link
#7

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
#8

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
#9

VJ Updated by Victor Julien almost 7 years ago Actions
Copy link
#10