Actions
Feature #667
closedConfigurable Sensor_ID in Unified2 Output
Effort:
Difficulty:
Label:
Description
Make the "Sensor ID" field of the Unified2 output format capable of being set via configuration file. In environments where there are many sensors logging to a central logging device (i.e. enterprise deployment, SIEM logging, etc.) in Unified2 format, this would make it easier to distinguish what sensor an alert came from.
Based on section 5.3.8 of http://manual.snort.org/node44.html, the “Sensor ID” field in Unified2 alerts is completely unused. It appears that Suricata hardcodes this value to zero from looking at alert-unified2-alert.c (line 361).
Updated by Victor Julien over 11 years ago
- Assignee set to Anonymous
- Target version set to TBD
Updated by Jake Gionet about 11 years ago
- Due date set to 02/02/2013
- Assignee changed from Anonymous to Jake Gionet
- Start date changed from 12/07/2012 to 02/02/2013
- % Done changed from 0 to 50
Updated by Victor Julien about 11 years ago
- Status changed from New to Closed
- Target version changed from TBD to 1.4.1
- % Done changed from 50 to 100
Merged https://github.com/inliniac/suricata/pull/273, thanks!
Actions