David Wharton

  • Login: dwharton
  • Registered on: 03/16/2013
  • Last connection: 01/06/2021


                   open   closed   Total
Assigned issues       0        0       0
Reported issues       5        8      13



04:14 AM Suricata Bug #4225: SC_ERROR_CONF_YAML_ERROR anomaly logger error when in socket mode
I was about to report this but Brandon beat me to it.
When Suricata starts in socket mode, OutputAnomalyLoggerEnab...
David Wharton


03:24 AM Suricata Bug #3467 (Closed): Alert metadata not present in EVE output when using Socket Control Pcap Processing Mode
Suricata has long supported the "metadata" keyword in rules and since version 4.1, has included the metadata informa...
David Wharton


06:39 AM Suricata Bug #3448 (Closed): Suricata 4.1 Seg Fault: Socket Control pcap-file and corrupt pcap
Suricata 4.1 (tested on 4.1.5 and 4.1.6) seg faults when using socket control, and sending the "pcap-file" command wi...
David Wharton


07:24 PM Suricata Bug #3436 (New): Suricata Socket Control crashing using command 'reopen-log-files'
Creating per Victor's request.
Suricata is core dumping and seg faulting when calling the socket control command "...
David Wharton


12:21 PM Suricata Support #2890: HTTP alert isn't triggered when writing ".." as part of the scanned URI
This isn't a bug, it is expected and desired behavior.
The 'http_uri' buffer is a normalized buffer which means th...
David Wharton


12:44 AM Suricata Feature #2689: http: Normalized HTTP client body buffer
This could possibly be implemented as a transform but seems more natural to treat similar to the http_uri normalized ...
David Wharton
12:23 AM Suricata Feature #2689 (Closed): http: Normalized HTTP client body buffer
Currently the 'http_uri' buffer is normalized. This is a request to extend the same normalization (URI decode) to th...
David Wharton


02:29 PM Suricata Feature #2670 (Closed): tls_cert sticky buffer
*Feature Request:*
_tls_cert_ sticky buffer for the entire parsed out SSL certificate.
* Similar to o...
David Wharton
02:13 PM Suricata Feature #1249: http/dns ip-reputation alike technique
I agree that having DNS Reputation would be valuable. It could be called "dnsrep" since it would be like iprep but f...
David Wharton


02:46 PM Suricata Feature #2311: math on extracted values
While Suricata has matured to the point where it should be defining IDS rule capabilities instead of reacting to othe...
David Wharton
