OD Ofer Dagan
- Login: oferdagan
- Email: oferda4@gmail.com
- Registered on: 09/26/2024
- Last sign in: 02/18/2026
Issues
| open | closed | Total | |
|---|---|---|---|
| Assigned issues | 2 | 2 | 4 |
| Reported issues | 4 | 4 | 8 |
Projects
| Project | Roles | Registered on |
|---|---|---|
| Suricata | Developer | 02/18/2026 |
| Suricata-Update | Developer | 02/18/2026 |
Activity
02/20/2026
- OD 01:26 PM Suricata Bug #5255: output/alert: incorrect pcap_filename logged with --pcap-file-recursive
- Opened a PR - https://github.com/OISF/suricata/pull/14857
02/19/2026
- OD 03:25 PM Suricata Bug #5255: output/alert: incorrect pcap_filename logged with --pcap-file-recursive
- @vjulien Note this found an error in the previous PR! I'm thinking of adding the fix as a separate commit in the PR I'm opening for this one. It's not something we can detect on a suricata-verify test (only UTs) and it's blocking this so...
02/18/2026
- OD 03:24 PM Suricata Bug #5255: output/alert: incorrect pcap_filename logged with --pcap-file-recursive
- Yes I think it will be a very clean solution. It will be really simple to get to it in `OutputJsonBuilderBuffer` - `p->pcap_v->pfv->filename`. Thanks to the ref counters we added, this struct will stay alive.
Note that the path for the...
01/29/2026
- OD 09:33 AM Suricata Feature #8250: rules: distinct ip counting logic
- https://github.com/OISF/suricata/pull/14707
01/28/2026
- OD 10:08 AM Suricata Feature #8250 (In Review): rules: distinct ip counting logic
- In continuous to this ticket - https://redmine.openinfosecfoundation.org/issues/7928.
Implementing now @unique_on@ options for @src_ip@ and @dst_ip@.
Example for host scan rule:
@alert tcp any any -> any any (msg:"Potential TCP SY...
10/28/2025
- OD 01:55 PM Suricata Feature #7928 (In Progress): rules: distinct counting logic
10/15/2025
- OD 08:39 AM Suricata Feature #7928: rules: distinct counting logic
- How can I do that? From what I understand hostbits can be used to track a specific host but not as a general rule.
09/21/2025
- OD 05:30 PM Suricata Feature #7928 (Closed): rules: distinct counting logic
- Hello team,
I wish to introduce a new feature suggestion and after your approval and direction I would like to implement it.
We want to detect port scan in the network, however there are a lot of communications to the same port in a ... - OD 11:14 AM Suricata Bug #5255: output/alert: incorrect pcap_filename logged with --pcap-file-recursive
- Hi there,
Is there an update regarding this ticket?
06/25/2025
- OD 10:43 AM Suricata Feature #7786: pcap: Enhance --pcap-file-delete to Conditionally Delete PCAPs Based on Alerts
- I've opened a PR with the suggested solution - https://github.com/OISF/suricata/pull/13528
Let me know if you want me to implement it in a different way.