Project

General

Profile

Actions

Optimization #7189

closed

http/conf: warn or error on invalid value in custom headers logging

Added by Philippe Antoine 12 months ago. Updated 21 days ago.

Status:
Rejected
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:
Beginner, C, Good First Issue, Outreachy

Description

Like custom: [X-Powered-By] in suricata.yaml and running python3 ../suricata-verify/run.py base64-decode-5885 does not show X-Powered-By, but there is no warning in OutputHttpLogInitSub if the header is not defined


Related issues 1 (1 open0 closed)

Related to Suricata - Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yamlNewOISF DevActions
Actions #1

Updated by Juliana Fajardini Reichow 12 months ago

  • Label Outreachy added
Actions #2

Updated by Juliana Fajardini Reichow 10 months ago

  • Assignee changed from OISF Dev to Community Ticket
Actions #3

Updated by Juliana Fajardini Reichow 10 months ago

Hello, to confirm, this issue is related to a configuration option being passed in our suricata.yaml file to the http.custom section, but is not one of the allowed custom fields listed here, right? https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#http

Actions #4

Updated by Philippe Antoine 10 months ago

Juliana Fajardini Reichow wrote in #note-3:

Hello, to confirm, this issue is related to a configuration option being passed in our suricata.yaml file to the http.custom section, but is not one of the allowed custom fields listed here, right? https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#http

Correct

Actions #5

Updated by Philippe Antoine 21 days ago

  • Related to Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yaml added
Actions #6

Updated by Philippe Antoine 21 days ago

  • Status changed from New to Rejected

Duplicate of #2091 which also includes SMTP custom

Actions

Also available in: Atom PDF