Bug #5769: Incomplete values for .stats."app_layer".flow.proto - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5769

closed

Incomplete values for .stats."app_layer".flow.proto

Added by Philippe Antoine almost 2 years ago. Updated almost 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-rc1

Affected Versions:

Effort:

Difficulty:

Label:

Description

With ftp or whatever protocol
The two commands do not give the same result

jq 'select(.event_type=="flow" and .app_proto=="ftp") | .app_proto'  log/eve.json | wc -l
jq 'select(.event_type=="stats") | .stats."app_layer".flow.ftp' log/eve.json

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5769

Incomplete values for .stats."app_layer".flow.proto

Updated by Philippe Antoine almost 2 years ago

Updated by Philippe Antoine almost 2 years ago

Updated by Philippe Antoine almost 2 years ago

Updated by Philippe Antoine 12 months ago

	Related to Suricata - Bug #6633: stats: flows with a detection-only alproto not accounted in this protocol	Closed	Philippe Antoine				Actions
	Blocks Suricata - Feature #1125: smtp: improve protocol detection	Closed	Philippe Antoine				Actions