Bug #5769: Incomplete values for .stats."app_layer".flow.proto - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5769

closed

Incomplete values for .stats."app_layer".flow.proto

Added by Philippe Antoine almost 2 years ago. Updated almost 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

With ftp or whatever protocol
The two commands do not give the same result

jq 'select(.event_type=="flow" and .app_proto=="ftp") | .app_proto'  log/eve.json | wc -l
jq 'select(.event_type=="stats") | .stats."app_layer".flow.ftp' log/eve.json

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Updated by Philippe Antoine almost 2 years ago

Status changed from New to In Review
Target version changed from TBD to 7.0.0-rc1

https://github.com/OISF/suricata/pull/8328

Actions

Copy link

Updated by Philippe Antoine almost 2 years ago

Blocks Feature #1125: smtp: improve protocol detection added

Actions

Copy link

Updated by Philippe Antoine almost 2 years ago

Status changed from In Review to Closed

https://github.com/OISF/suricata/pull/8328

Actions

Copy link

Updated by Philippe Antoine 12 months ago

Related to Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5769

Incomplete values for .stats."app_layer".flow.proto

Updated by Philippe Antoine almost 2 years ago

Updated by Philippe Antoine almost 2 years ago

Updated by Philippe Antoine almost 2 years ago

Updated by Philippe Antoine 12 months ago

	Related to Suricata - Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol	Closed	Philippe Antoine				Actions
	Blocks Suricata - Feature #1125: smtp: improve protocol detection	Closed	Philippe Antoine				Actions