Actions
Bug #2492
closedInverted IP params in fileinfo events
Affected Versions:
Effort:
Difficulty:
Label:
Actions
Added by Eric Leblond over 7 years ago. Updated over 7 years ago.
The fileinfo event for a HTTP GET request has the destination IP params set to the server instead of having it set to the client. The entry should respect the way of the data in the TCP session.
I think the logging should respect the file direction. In all implementations the files are in per-direction 'FileContainers' so this could be used to get the direction of the file.
Proposal implementation there: https://github.com/OISF/suricata/pull/3344