Project

General

Profile

Actions
Copy link

Feature #2416

closed

Increase XFF coverage to files and http log

Added by Maurizio Abba over 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Maurizio Abba
Target version:
4.1rc1
Effort:
Difficulty:
Label:

Description

XFF support is restricted to alert events. It would be nice to increase its coverage to HTTP and alert.

This modification will require the transformation of the HttpXFFGetIP to accept flows instead of packets. This function will anyway only use p->flow, using the flow directly instead of the single packet will obtain the same effect and allow to get the correct IPs.

Actions
Copy link
 #1

Updated by Maurizio Abba over 6 years ago

I'm not sure what logging would you include in this patch. Currently, XFF can be configured for eve-log and unified log. I added XFF support for files and http in eve-log. I didn't modify http.log, fast.log and metafiles.

Actions
Copy link
 #2

Updated by Andreas Herz about 6 years ago

  • Target version set to TBD
Actions
Copy link
 #3

Updated by Maurizio Abba over 5 years ago

  • Status changed from Assigned to Closed
Actions
Copy link
 #4

Updated by Victor Julien over 5 years ago

  • Target version changed from TBD to 4.1rc1
Actions
Copy link

Also available in: Atom PDF