Bug #7419: Incomplete logging message - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7419

open

Incomplete logging message

Added by Eric Leblond 3 days ago. Updated 3 days ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

7.0.9, git master

Effort:

Difficulty:

Label:

Description

When logging the engine message in the JSON format, we expect to have valid JSON messages so the parsing can be handled correctly by external tool.

But it happens that some messages can exceed the maximum length. For example, the signature max length is 8198 so if a signature is long and invalid it is written to the log by the engine. As the maximum length for message is 2048, we end up with incomplete JSON in the log.

Issue discovered by Juliana: https://github.com/StamusNetworks/suricata-language-server/issues/11

History
Notes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7419

Incomplete logging message

Updated by Jason Ish 3 days ago

Updated by Eric Leblond 3 days ago