Bug #5938: for syslog output, the setting identity is not properly set - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5938

open

for syslog output, the setting identity is not properly set

Added by Zane B-H about 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

6.0.10

Effort:

Difficulty:

Label:

Description

Lets say for outputs, you have something akin the the following.

  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata-ftp" 
      facility: local5
      level: Info
      pcap-file: false
      community-id: false
      community-id-seed: 0
      types:
        - ftp
  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata-sip" 
      facility: local5
      level: Info
      pcap-file: false
      community-id: false
      community-id-seed: 0
      types:
        - sip

All syslog output will show up as "suricata-sip" and never "suricata-ftp" as it will use what ever the last identity was set to, regardless of what it is set to for that specific output item.

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5938

for syslog output, the setting identity is not properly set