Bug #6983

closed

alert/metadata: no pgsql object encapsulation

Added by Juliana Fajardini Reichow 6 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal

Description

When adding a fix for #6092 I didn't take into consideration that the EVE object for pgsql is actually created outside of rs_pgsql_logger, which leads to the alert metadata being created without the pgsql object encapsulation:

  "alert": {
    "action": "allowed",
    "gid": 1,
    "signature_id": 1,
    "rev": 1,
    "signature": "PGSQL Test Rule",
    "category": "",
    "severity": 3
  },
  "request": {
    "simple_query": "select * from rules where sid = 2021701;" 
  },
  "response": {
    "field_count": 10,
    "data_rows": 3,
    "data_size": 1104,
    "command_completed": "SELECT 3" 
  },

Now, this must be fixed.
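
Added example (not part of the original report and not Suricata code): a Python filter for consumers of EVE output from an affected build, which finds pgsql alerts whose request/response keys sit beside "alert" and wraps them in a "pgsql" object. It assumes the standard EVE fields event_type and app_proto are present and that only the two keys shown above need moving; the sample lines are constructed.

```python
import json

# Keys the report shows at the top level of the alert record (assumption: only these two).
PGSQL_KEYS = ("request", "response")

def is_unencapsulated(event: dict) -> bool:
    """True for a pgsql alert whose request/response are not inside a "pgsql" object."""
    if event.get("event_type") != "alert" or event.get("app_proto") != "pgsql":
        return False
    return "pgsql" not in event and any(k in event for k in PGSQL_KEYS)

def normalize(event: dict) -> dict:
    """Return a copy with the leaked keys wrapped in "pgsql"; other events are returned as-is."""
    if not is_unencapsulated(event):
        return event
    fixed = {k: v for k, v in event.items() if k not in PGSQL_KEYS}
    fixed["pgsql"] = {k: event[k] for k in PGSQL_KEYS if k in event}
    return fixed

def normalize_lines(lines):
    """Process EVE JSON lines; returns (records, number_rewritten)."""
    out, rewritten = [], 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting ingestion
        if not isinstance(event, dict):
            continue
        fixed = normalize(event)
        rewritten += fixed is not event
        out.append(fixed)
    return out, rewritten

# Constructed sample: an affected alert, an already encapsulated alert, a truncated line.
SAMPLE = [
    '{"event_type":"alert","app_proto":"pgsql","alert":{"signature_id":1,'
    '"signature":"PGSQL Test Rule"},"request":{"simple_query":'
    '"select * from rules where sid = 2021701;"},"response":{"command_completed":"SELECT 3"}}',
    '{"event_type":"alert","app_proto":"pgsql","alert":{"signature_id":1},'
    '"pgsql":{"request":{"simple_query":"select 1;"}}}',
    '{"event_type":"alert","app_proto":"pgsql","alert":{"sig',
]

if __name__ == "__main__":
    records, count = normalize_lines(SAMPLE)
    print(count, "record(s) rewritten")
    print(json.dumps(records[0], indent=2))
```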


Subtasks 1 (0 open, 1 closed)

Bug #7066: alert/metadata: no pgsql object encapsulation (7.0.x backport) - Closed - Juliana Fajardini Reichow

Related issues 1 (0 open, 1 closed)

Related to Suricata - Bug #6092: eve/alert: missing pgsql metadata - Closed - Juliana Fajardini Reichow