Andreas Herz





08:42 PM Suricata Bug #2646 (Closed): suricata-update fails when suricata is running because the TCP connection is closed incorrectly
Thanks for the update :)


10:52 PM Suricata Support #2729: /var/log/suricata/fast.log full because of a rules
Do you have a chance to sniff directly for this traffic?
The rule itself is quite simple and seems you already saw...


10:48 PM Suricata Support #2690: Is ssl decrytion supported in suricata?
There is no option for that within suricata. You would need to use external tools (there are some commercial ones) an...
10:36 PM Suricata Support #2702: Please help advice warning log about "detect-flowbits.c:480".
Well what sort of help do you need? You need to look into the rules, they check for flowbits that are not set in any ...


09:47 PM Suricata-Update Optimization #2645: Fix deprecation warnings in tests.
You meant legacy python :)?
Do we have a plan how long we want to support 2.7? 2020 will come fast


09:33 PM Suricata Support #2636: I need help fort IPS inline doesn't drop
Do you see alerts at least?
Did you change the action keyword from alert to drop?
09:31 PM Suricata Support #2635: Multi-threading not working correctly
Can you give us more details about your setup, especially configuration and how you run suricata (commandline)?


09:08 PM Suricata Optimization #2620: Documentation: tagged_packets / event_type packet
We need to add it to the keywords section as well to the EVE (JSON Format) section.
Suggested example rule:...


09:23 PM Suricata Optimization #595: document csum keywords
should include
- ipv4-csum ...
09:22 PM Suricata Optimization #2591: document ssh keywords
should include:
* ssh_proto
* ssh.protoversion
* ssh_software
* ssh.softwareversion

Also available in: Atom