Project

General

Profile

Actions
Copy link

Bug #5562

open

rule_perf.log with multiple sort orders is invalid JSON

Added by Simeon Miteff over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Simeon Miteff
Target version:
TBD
Affected Versions:
TBD
Effort:
Difficulty:
Label:

Description

When rules profiling is turned on and configured for JSON output with no sort order, all 7 orders are written to rules_profile.log as JSON objects concatenated without any delimiters or top-level JSON type. This means the content of rules_profile.log is not valid JSON.

I suspect this bug was introduced in https://github.com/OISF/suricata/commit/75907fce0662b500b280a0493524daf06523aaae, in which case it would affect 4.0.0+ (but I have not confirmed this).

Actions
Copy link
 #1

Updated by Simeon Miteff over 1 year ago

When rules profiling is turned on and configured for JSON output with no sort order, all 7 orders are written to rule_perf.log as JSON objects concatenated without any delimiters or top-level JSON type. This means the content of rule_perf.log is not valid JSON.

I suspect this bug was introduced in https://github.com/OISF/suricata/commit/75907fce0662b500b280a0493524daf06523aaae, in which case it would affect 4.0.0+ (but I have not confirmed this).

Actions
Copy link
 #2

Updated by Simeon Miteff over 1 year ago

  • Subject changed from rules_profile.log with multiple sort orders is invalid JSON to rule_perf.log with multiple sort orders is invalid JSON
Actions
Copy link

Also available in: Atom PDF