Bug #7419: Incomplete logging message - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7419

closed

EL OD

Incomplete logging message

Bug #7419: Incomplete logging message

Added by Eric Leblond over 1 year ago. Updated 9 months ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

7.0.9, git main

Effort:

Difficulty:

Label:

Description

When logging the engine message in the JSON format, we expect to have valid JSON messages so the parsing can be handled correctly by external tool.

But it happens that some messages can exceed the maximum length. For example, the signature max length is 8198 so if a signature is long and invalid it is written to the log by the engine. As the maximum length for message is 2048, we end up with incomplete JSON in the log.

Issue discovered by Juliana: https://github.com/StamusNetworks/suricata-language-server/issues/11

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #7419

Incomplete logging message

JI Updated by Jason Ish over 1 year ago Actions
Copy link
#1

EL Updated by Eric Leblond over 1 year ago Actions
Copy link
#2

PA Updated by Philippe Antoine 9 months ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Bug #7419

Incomplete logging message

JI Updated by Jason Ish over 1 year ago ActionsCopy link #1

EL Updated by Eric Leblond over 1 year ago ActionsCopy link #2

PA Updated by Philippe Antoine 9 months ago ActionsCopy link #3

JI Updated by Jason Ish over 1 year ago Actions
Copy link
#1

EL Updated by Eric Leblond over 1 year ago Actions
Copy link
#2

PA Updated by Philippe Antoine 9 months ago Actions
Copy link
#3