Bug #5769: Incomplete values for .stats."app_layer".flow.proto - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5769

closed

Incomplete values for .stats."app_layer".flow.proto

Added by Philippe Antoine 9 months ago. Updated 9 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

With ftp or whatever protocol
The two commands do not give the same result

jq 'select(.event_type=="flow" and .app_proto=="ftp") | .app_proto'  log/eve.json | wc -l
jq 'select(.event_type=="stats") | .stats."app_layer".flow.ftp' log/eve.json

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Updated by Philippe Antoine 9 months ago

Status changed from New to In Review
Target version changed from TBD to 7.0.0-rc1

https://github.com/OISF/suricata/pull/8328

Actions

Copy link

Updated by Philippe Antoine 9 months ago

Blocks Feature #1125: smtp: improve protocol detection added

Actions

Copy link

Updated by Philippe Antoine 9 months ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/8328

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5769

Incomplete values for .stats."app_layer".flow.proto

Updated by Philippe Antoine 9 months ago

Updated by Philippe Antoine 9 months ago

Updated by Philippe Antoine 9 months ago