Profile

Ryan Cote

  • Login: rcote
  • Registered on: 01/27/2016
  • Last connection: 02/03/2017

Issues

                 open  closed  Total
Assigned issues  0     0       0
Reported issues  0     1       1

Activity

02/04/2017

04:14 PM Suricata Bug #2017: EVE Log Missing Fields
Andreas Herz wrote:
> Can you share the .pcap with us?
Forwarded via email.
Ryan Cote
10:49 AM Suricata Bug #2017: EVE Log Missing Fields
Yes, the missing field problem is present reading through PCAP. I have 10 events without src/dest fields and one pr... Ryan Cote
12:21 AM Suricata Bug #2017: EVE Log Missing Fields
Ryan Cote wrote:
> Version 3.2, and no matching IPs in the left side of the signature are seen in the traffic flow, ...
Ryan Cote

02/03/2017

10:33 PM Suricata Bug #2017: EVE Log Missing Fields
Something odd is going on with the timestamp within the output generated as well. I ran it again to see if it was a ... Ryan Cote
09:31 PM Suricata Bug #2017: EVE Log Missing Fields
A different environment, one I can share more details about, Ubuntu 16.04 running on an odroid XU4. suricata.yaml an... Ryan Cote
09:14 PM Suricata Bug #2017: EVE Log Missing Fields
Version 3.2, and no matching IPs in the left side of the signature are seen in the traffic flow, but I get a constant... Ryan Cote
03:28 PM Suricata Bug #2017: EVE Log Missing Fields
Issue is repeatable using afpacket as well. Ryan Cote
03:05 PM Suricata Bug #2017 (Closed): EVE Log Missing Fields
A sanitized testing version has the signature below:
> alert ip [192.168.1.1,192.168.1.2] any -> ![192.168.1.0/24,19...
Ryan Cote
