Project

General

Profile

Actions
Copy link

Bug #5938

open
ZB OD

for syslog output, the setting identity is not properly set

Bug #5938: for syslog output, the setting identity is not properly set

Added by Zane B-H about 3 years ago. Updated 10 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
8.0.0
Effort:
Difficulty:
Label:

Description

Lets say for outputs, you have something akin the the following.

  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata-ftp" 
      facility: local5
      level: Info
      pcap-file: false
      community-id: false
      community-id-seed: 0
      types:
        - ftp
  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata-sip" 
      facility: local5
      level: Info
      pcap-file: false
      community-id: false
      community-id-seed: 0
      types:
        - sip

All syslog output will show up as "suricata-sip" and never "suricata-ftp" as it will use what ever the last identity was set to, regardless of what it is set to for that specific output item.

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
 #1

  • Status changed from New to Feedback

Is this still an issue in Suricata 8 ?

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
 #2

  • Status changed from Feedback to New
  • Affected Versions 8.0.0 added
  • Affected Versions deleted (6.0.10)

Yes, it is, but it may be due to syslog having only one fd...

Actions
Copy link

Also available in: PDF Atom