Project

General

Profile

Actions
Copy link

Bug #5769

closed

Incomplete values for .stats."app_layer".flow.proto

Added by Philippe Antoine over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.0-rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

With ftp or whatever protocol
The two commands do not give the same result

jq 'select(.event_type=="flow" and .app_proto=="ftp") | .app_proto'  log/eve.json | wc -l
jq 'select(.event_type=="stats") | .stats."app_layer".flow.ftp' log/eve.json

Related issues 3 (0 open3 closed)

Related to Suricata - Bug #6633: stats: flows with a detection-only alproto not accounted in this protocolClosedPhilippe AntoineActions
Related to Suricata - Bug #7238: app-layer: protocol flows are miscounted in case of errorClosedShivani BhardwajActions
Blocks Suricata - Feature #1125: smtp: improve protocol detectionClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine over 2 years ago

  • Status changed from New to In Review
  • Target version changed from TBD to 7.0.0-rc1
Actions
Copy link
 #2

Updated by Philippe Antoine over 2 years ago

Actions
Copy link
 #3

Updated by Philippe Antoine over 2 years ago

  • Status changed from In Review to Closed
Actions
Copy link
 #4

Updated by Philippe Antoine over 1 year ago

  • Related to Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol added
Actions
Copy link
 #5

Updated by Shivani Bhardwaj 3 months ago

  • Related to Bug #7238: app-layer: protocol flows are miscounted in case of error added
Actions
Copy link

Also available in: Atom PDF