Project

General

Profile

Actions

Bug #236

closed

fast log xrefs should be removed.

Added by Will Metcalf about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Currently the suricata fast.log doesn't match the snort fast log. xrefs should be removed from fast log.

Example snort fast logs (ip addy's have been changed)
12/26-06:44:10.148430 [**] [1:2002750:23] ET POLICY Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {PROTO:007} 10.1.1.1 -> 10.1.1.2
12/26-11:11:11.012275 [**] [1:2009022:3] ET VIRUS Zlob User Agent - Likely Zlob (securityinternet) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.1.1:1033 -> 10.1.1.2:80
12/29-11:11:11.592820 [**] [1:2002750:23] ET POLICY Reserved IP Space Traffic - Bogon Nets 2 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {MANET} 10.1.1.1 -> 10.1.1.2


Files

Actions #1

Updated by Victor Julien about 12 years ago

  • Subject changed from fast log should fill in protcol name when known by /etc/protocols xrefs should be removed. to fast log xrefs should be removed.
Actions #2

Updated by Victor Julien about 12 years ago

  • Assignee changed from OISF Dev to Gurvinder Singh
  • Estimated time changed from 2.50 h to 5.00 h
Actions #3

Updated by Victor Julien about 12 years ago

  • Estimated time changed from 5.00 h to 1.00 h
Actions #4

Updated by Gurvinder Singh about 12 years ago

Patch has been attached.

Actions #5

Updated by Victor Julien about 12 years ago

  • Status changed from Resolved to Closed
  • % Done changed from 80 to 100

Patch applied to my local tree, thanks Gurvinder.

Actions

Also available in: Atom PDF