Project

General

Profile

Actions

Bug #4860

closed

eve.json remove app-layer specific fields from root object

Added by Philippe Antoine about 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 5.0, Needs backport to 6.0

Description

Running jq 'select(.command)' tests/*/output/eve.json in Suricata-verify gives output containing

{
  "timestamp": "2013-06-17T21:59:47.428041+0000",
  "event_type": "alert",
  "filename": "temp.txt",
  "command": "RETR",
  "app_proto": "ftp-data",
}

where both filename and command should belong to a ftp-data object


Related issues 3 (0 open3 closed)

Related to Suricata - Feature #1369: eve: json schemaClosedJason IshActions
Copied to Suricata - Bug #4884: eve.json remove app-layer specific fields from root objectRejectedShivani BhardwajActions
Copied to Suricata - Bug #4885: eve.json remove app-layer specific fields from root objectRejectedJeff LucovskyActions
Actions #1

Updated by Philippe Antoine about 3 years ago

Actions #2

Updated by Philippe Antoine about 3 years ago

  • Subject changed from eve.json ftp-data in root object to eve.json remove app-layer specific fiels from root object
Actions #3

Updated by Philippe Antoine about 3 years ago

This is also true for xff which belongs to HTTP1

Actions #4

Updated by Philippe Antoine about 3 years ago

  • Status changed from New to In Review
Actions #5

Updated by Jeff Lucovsky about 3 years ago

  • Subject changed from eve.json remove app-layer specific fiels from root object to eve.json remove app-layer specific fields from root object
Actions #6

Updated by Jeff Lucovsky about 3 years ago

  • Copied to Bug #4884: eve.json remove app-layer specific fields from root object added
Actions #7

Updated by Jeff Lucovsky about 3 years ago

  • Copied to Bug #4885: eve.json remove app-layer specific fields from root object added
Actions #8

Updated by Philippe Antoine over 2 years ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF