Project

General

Profile

Actions
Copy link

Bug #6633

closed

stats: flows with a detection-only alproto not accounted in this protocol

Added by Philippe Antoine 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Subtasks 1 (0 open1 closed)

Bug #6636: stats: flows with a detection-only alproto not accounted in this protocol (7.0.x backport)ClosedPhilippe AntoineActions

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #5769: Incomplete values for .stats."app_layer".flow.protoClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine 5 months ago

  • Related to Bug #5769: Incomplete values for .stats."app_layer".flow.proto added
Actions
Copy link
 #2

Updated by Philippe Antoine 5 months ago

jq 'select(.event_type=="flow" and .app_proto=="enip") | .app_proto' log/eve.json | wc -l gives 1 ENIP detection-only flow

But
jq 'select(.event_type=="stats") | .stats."app_layer".flow.enip' log/eve.json gives 0

Actions
Copy link
 #3

Updated by Philippe Antoine 5 months ago

  • Status changed from New to In Review
Actions
Copy link
 #4

Updated by Victor Julien 4 months ago

  • Label Needs backport to 7.0 added
Actions
Copy link
 #5

Updated by OISF Ticketbot 4 months ago

  • Subtask #6636 added
Actions
Copy link
 #6

Updated by OISF Ticketbot 4 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #7

Updated by Philippe Antoine 4 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #8

Updated by Philippe Antoine 4 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF