Project

General

Profile

Actions
Copy link

Bug #5769

closed
PA PA

Incomplete values for .stats."app_layer".flow.proto

Bug #5769: Incomplete values for .stats."app_layer".flow.proto

Added by Philippe Antoine over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
7.0.0-rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

With ftp or whatever protocol
The two commands do not give the same result

jq 'select(.event_type=="flow" and .app_proto=="ftp") | .app_proto'  log/eve.json | wc -l
jq 'select(.event_type=="stats") | .stats."app_layer".flow.ftp' log/eve.json

Related issues 3 (0 open3 closed)

Related to Suricata - Bug #6633: stats: flows with a detection-only alproto not accounted in this protocolClosedPhilippe AntoineActions
Related to Suricata - Bug #7238: app-layer: protocol flows are miscounted in case of errorClosedShivani BhardwajActions
Blocks Suricata - Feature #1125: smtp: improve protocol detectionClosedPhilippe AntoineActions

PA Updated by Philippe Antoine over 3 years ago Actions
Copy link
 #1

  • Status changed from New to In Review
  • Target version changed from TBD to 7.0.0-rc1

PA Updated by Philippe Antoine over 3 years ago Actions
Copy link
 #2

PA Updated by Philippe Antoine over 3 years ago Actions
Copy link
 #3

  • Status changed from In Review to Closed

PA Updated by Philippe Antoine over 2 years ago Actions
Copy link
 #4

  • Related to Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol added

SB Updated by Shivani Bhardwaj over 1 year ago Actions
Copy link
 #5

  • Related to Bug #7238: app-layer: protocol flows are miscounted in case of error added
Actions
Copy link

Also available in: PDF Atom