Bug #236
closedfast log xrefs should be removed.
Description
Currently the suricata fast.log doesn't match the snort fast log. xrefs should be removed from fast log.
Example snort fast logs (ip addy's have been changed)
12/26-06:44:10.148430 [**] [1:2002750:23] ET POLICY Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {PROTO:007} 10.1.1.1 -> 10.1.1.2
12/26-11:11:11.012275 [**] [1:2009022:3] ET VIRUS Zlob User Agent - Likely Zlob (securityinternet) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.1.1:1033 -> 10.1.1.2:80
12/29-11:11:11.592820 [**] [1:2002750:23] ET POLICY Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {MANET} 10.1.1.1 -> 10.1.1.2
Files
Updated by Victor Julien over 13 years ago
- Subject changed from fast log should fill in protcol name when known by /etc/protocols xrefs should be removed. to fast log xrefs should be removed.
Updated by Victor Julien over 13 years ago
- Assignee changed from OISF Dev to Gurvinder Singh
- Estimated time changed from 2.50 h to 5.00 h
Updated by Victor Julien over 13 years ago
- Estimated time changed from 5.00 h to 1.00 h
Updated by Gurvinder Singh over 13 years ago
- File 0001-removed-xref-from-the-alert-fastlog.patch 0001-removed-xref-from-the-alert-fastlog.patch added
- Status changed from New to Resolved
- % Done changed from 0 to 80
Patch has been attached.
Updated by Victor Julien over 13 years ago
- Status changed from Resolved to Closed
- % Done changed from 80 to 100
Patch applied to my local tree, thanks Gurvinder.