Project

General

Profile

Actions

Bug #4884

closed

eve.json remove app-layer specific fields from root object

Added by Jeff Lucovsky about 3 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Running jq 'select(.command)' tests/*/output/eve.json in Suricata-verify gives output containing

{
  "timestamp": "2013-06-17T21:59:47.428041+0000",
  "event_type": "alert",
  "filename": "temp.txt",
  "command": "RETR",
  "app_proto": "ftp-data",
}

where both filename and command should belong to a ftp-data object


Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4860: eve.json remove app-layer specific fields from root objectClosedPhilippe AntoineActions
Actions #1

Updated by Jeff Lucovsky about 3 years ago

  • Copied from Bug #4860: eve.json remove app-layer specific fields from root object added
Actions #2

Updated by Jeff Lucovsky about 3 years ago

  • Label deleted (Needs backport)
Actions #3

Updated by Shivani Bhardwaj over 2 years ago

  • Status changed from Assigned to Rejected

Reason: highly visible change for a backport

Actions

Also available in: Atom PDF