Bug #6983
alert/metadata: no pgsql object encapsulation (closed)
Description
When adding a fix for #6092 I didn't take into consideration that the EVE object for pgsql is actually created outside of rs_pgsql_logger, which leads to the alert metadata being created without the pgsql object encapsulation:
    "alert": {
        "action": "allowed",
        "gid": 1,
        "signature_id": 1,
        "rev": 1,
        "signature": "PGSQL Test Rule",
        "category": "",
        "severity": 3
    },
    "request": {
        "simple_query": "select * from rules where sid = 2021701;"
    },
    "response": {
        "field_count": 10,
        "data_rows": 3,
        "data_size": 1104,
        "command_completed": "SELECT 3"
    },
Now, this must be fixed.
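Added example (not part of this ticket or of the Suricata code base): a check for log pipelines that flags EVE alert records with the shape shown above, where request/response sit at the top level instead of inside a pgsql object, and moves them under that key. It assumes that pgsql alerts carry "app_proto": "pgsql" and that the corrected records nest both fields under "pgsql"; the sample lines are constructed.

```python
import json

# Keys that the report shows at the top level of the alert record.
BARE_KEYS = ("request", "response")

def classify(rec):
    """Classify one EVE record: 'encapsulated', 'bare' or 'n/a'."""
    if not isinstance(rec, dict) or rec.get("event_type") != "alert":
        return "n/a"
    if isinstance(rec.get("pgsql"), dict):
        return "encapsulated"
    # Assumption: pgsql alerts carry app_proto "pgsql".
    if rec.get("app_proto") == "pgsql" and any(k in rec for k in BARE_KEYS):
        return "bare"
    return "n/a"

def normalize(rec):
    """Return a copy with bare request/response moved under 'pgsql'."""
    if classify(rec) != "bare":
        return rec
    fixed = {k: v for k, v in rec.items() if k not in BARE_KEYS}
    fixed["pgsql"] = {k: rec[k] for k in BARE_KEYS if k in rec}
    return fixed

def scan(lines):
    """Return [(line_no, verdict)] for every non-empty line."""
    out = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            out.append((n, classify(json.loads(line))))
        except json.JSONDecodeError:
            out.append((n, "invalid"))  # truncated or corrupt line
    return out

# Constructed sample: line 1 has the shape from the report, line 2 the
# assumed corrected shape, line 3 is a truncated write.
SAMPLE = [
    '{"event_type":"alert","app_proto":"pgsql","alert":{"signature_id":1},'
    '"request":{"simple_query":"select 1;"},"response":{"data_rows":3}}',
    '{"event_type":"alert","app_proto":"pgsql","alert":{"signature_id":1},'
    '"pgsql":{"request":{"simple_query":"select 1;"}}}',
    '{"event_type":"alert","app_proto":"pgs',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE):
        print(n, verdict)
```

Detection queries or SIEM field mappings written against pgsql.request.* will silently miss records classified as bare, so running such a check across sensors during an upgrade shows which ones still emit the old shape.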
Updated by Juliana Fajardini Reichow 8 months ago
- Subject changed from alert/metadata: no pgsql object created to alert/metadata: no pgsql object encapsulation
Updated by Juliana Fajardini Reichow 8 months ago
- Related to Bug #6092: eve/alert: missing pgsql metadata added
Updated by Juliana Fajardini Reichow 8 months ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/10951
Updated by Juliana Fajardini Reichow 7 months ago
- Status changed from In Review to Resolved
- Label Needs backport to 7.0 added
Merged with https://github.com/OISF/suricata/pull/11253
Updated by Juliana Fajardini Reichow 3 months ago
- Status changed from Resolved to Closed