Bug #6092
closedeve/alert: missing pgsql metadata
PA Updated by Philippe Antoine almost 3 years ago
- Copied from Bug #5977: eve/alert: missing KRB5 metadata added
PA Updated by Philippe Antoine over 2 years ago
- Related to Optimization #3827: output: clean up logging initialization code added
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
- Target version changed from TBD to 8.0.0-beta1
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/10830
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from In Review to Closed
Merged with PR https://github.com/OISF/suricata/pull/10856
PA Updated by Philippe Antoine almost 2 years ago
@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one ?
JF Updated by Juliana Fajardini Reichow almost 2 years ago
Philippe Antoine wrote in #note-6:
@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one ?
No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?
PA Updated by Philippe Antoine almost 2 years ago
Juliana Fajardini Reichow wrote in #note-7:
No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?
I think you do not need events for this.
You can see for instance commit 4d2bd8cc38bb8d78cb8c473e831cb41140e3a80c in SV, about test output-eve-tftp-01 adding a check for an alert event with some tftp details
JF Updated by Juliana Fajardini Reichow almost 2 years ago
Philippe Antoine wrote in #note-8:
Juliana Fajardini Reichow wrote in #note-7:
No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?
I think you do not need events for this.
You can see for instance commit 4d2bd8cc38bb8d78cb8c473e831cb41140e3a80c in SV, about test output-eve-tftp-01 adding a check for an alert event with some tftp details
But would that work without detection capabilities for pgsql? :/
PA Updated by Philippe Antoine almost 2 years ago
I guess so : there is no tftp keyword
JF Updated by Juliana Fajardini Reichow almost 2 years ago
Philippe Antoine wrote in #note-10:
I guess so : there is no tftp keyword
Thanks, I was trying and my tests were failing, but turns out that I (once again) had forgotten to add alert event types to my EVE logs ;_;
JF Updated by Juliana Fajardini Reichow almost 2 years ago
- Related to Bug #6983: eve/alert/metadata: no pgsql object encapsulation added
JF Updated by Juliana Fajardini Reichow almost 2 years ago
Philippe Antoine wrote in #note-10:
I guess so : there is no tftp keyword
Philippe Antoine wrote in #note-6:
@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one ?
Does this work? https://github.com/OISF/suricata-verify/pull/1796
PA Updated by Philippe Antoine almost 2 years ago
Looking good, will review it there