Bug #2430

closed

http eve log data source/dest flip

Added by Jason Taylor over 3 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

We started seeing some of our HTTP traffic source and destination data
flipped.

As far as we can tell, it appears to happen when a client is going to
port 443/ssl traffic through our proxies.

Flow data source and destination are correct, so it appears to maybe be
related to HTTP parsing.

Attached are the Suricata build information, JSON log data and pcap.


Files

  • evelog.txt (3.45 KB), eve log, Jason Taylor, 02/01/2018 08:35 AM
  • suri.buildinfo.txt (3.18 KB), suri build info, Jason Taylor, 02/01/2018 08:35 AM
  • backwards.pcap (7.85 KB), pcap, Jason Taylor, 02/01/2018 08:35 AM

Related issues

Related to Bug #2480: http eve log data source/dest flip (4.0.x) (Status: Closed, Assignee: Victor Julien)

#1

Updated by Andreas Herz over 3 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD

#2

Updated by Victor Julien over 3 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 4.1beta1

#3

Updated by Victor Julien over 3 years ago

  • Status changed from Assigned to Closed

#4

Updated by Victor Julien over 3 years ago

  • Related to Bug #2480: http eve log data source/dest flip (4.0.x) added