Bug #7569: logging: Mac addresses are not logged for pkt_src detect/log or flow timeout - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7569

closed

logging: Mac addresses are not logged for pkt_src detect/log or flow timeout

Added by Philippe Antoine about 1 month ago. Updated about 1 month ago.

Status:

Rejected

Priority:

Normal

Assignee:

OISF Dev

Target version:

8.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Cf https://forum.suricata.io/t/some-mac-addresses-are-missing-in-the-http-logs/5389/2

Not sure if we will want to backport this

Check with jq 'select(.ether == null)' log/eve.json and having ethernet: yes in suricata.yaml

Actions

Copy link

Updated by Shivani Bhardwaj about 1 month ago

Q: Why should a pseudo pkt carry information like MAC address?

Actions

Copy link

Updated by Philippe Antoine about 1 month ago

In the case mentioned, it belong to a flow

Actions

Copy link

Updated by Victor Julien about 1 month ago

Think this is a duplicate of #5486.

Actions

Copy link

Updated by Philippe Antoine about 1 month ago

Status changed from New to Rejected

Indeed duplicate of #5486 cf https://redmine.openinfosecfoundation.org/issues/5486#note-5
Thanks Victor for catching it

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7569

logging: Mac addresses are not logged for pkt_src detect/log or flow timeout

Updated by Shivani Bhardwaj about 1 month ago

Updated by Philippe Antoine about 1 month ago

Updated by Victor Julien about 1 month ago

Updated by Philippe Antoine about 1 month ago