Project

General

Profile

Actions
Copy link

Optimization #7189

open

http/conf: warn or error on invalid value in custom headers logging

Added by Philippe Antoine 11 months ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
Difficulty:
Label:
Beginner, C, Good First Issue, Outreachy

Description

Like custom: [X-Powered-By] in suricata.yaml and running python3 ../suricata-verify/run.py base64-decode-5885 does not show X-Powered-By, but there is no warning in OutputHttpLogInitSub if the header is not defined

Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow 11 months ago

  • Label Outreachy added
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow 9 months ago

  • Assignee changed from OISF Dev to Community Ticket
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 9 months ago

Hello, to confirm, this issue is related to a configuration option being passed in our suricata.yaml file to the http.custom section, but is not one of the allowed custom fields listed here, right? https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#http

Actions
Copy link
 #4

Updated by Philippe Antoine 9 months ago

Juliana Fajardini Reichow wrote in #note-3:

Hello, to confirm, this issue is related to a configuration option being passed in our suricata.yaml file to the http.custom section, but is not one of the allowed custom fields listed here, right? https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#http

Correct

Actions
Copy link

Also available in: Atom PDF