Bug #1324: vlan tag in eve.json - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1324

closed

vlan tag in eve.json

Added by Peter Manev almost 10 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Community Ticket

Target version:

5.0beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Using Suricata 2.1beta2 - when VLAN tags are present in the traffic - eve.json writes an

event_type:"alert"

with vlan id but

event_type:"http"

does not reflect the vlan id at all. The VLAN tag is written only once in the eve.json output instead of once per every event_type present with VLAN ID.

pcap/rule pair privately shared.

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1324

vlan tag in eve.json

Updated by Andreas Herz over 8 years ago

Updated by Victor Julien over 8 years ago

Updated by Victor Julien over 5 years ago

Updated by Victor Julien over 5 years ago