Bug #4817: smtp: smtp transaction not logged if no email is present - Suricata - Open Information Security Foundation

Actions

Bug #4817

closed

smtp: smtp transaction not logged if no email is present

Added by Jason Ish almost 3 years ago. Updated almost 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Needs backport to 5.0, Needs backport to 6.0

Description

The SMTP logger will not write out the transaction log if the email portion fails to log, however the other SMTP data may still be valuable. This is what happens when an SMTP transaction is upgraded to TLS with STARTTLS. The SMTP logger runs, but no record is created.

Related issues 2 (0 open — 2 closed)

Actions

#1

Updated by Jason Ish almost 3 years ago

Status changed from Assigned to In Review

PR: https://github.com/OISF/suricata/pull/6598

Actions

#2

Updated by Peter Manev almost 3 years ago

Originally reported on the SELKS project https://github.com/StamusNetworks/SELKS/issues/346
Private pcap

Actions

#3

Updated by Jason Ish almost 3 years ago

Status changed from In Review to Closed

Merged into master. Should this get a backport?

Actions

#4

Updated by Jason Ish almost 3 years ago

Affected Versions 5.0.7, 6.0.4 added

Actions

#5

Updated by Jason Ish almost 3 years ago

Label Needs backport to 5.0, Needs backport to 6.0 added

Actions

#6

Updated by Jeff Lucovsky almost 3 years ago

Copied to Bug #4931: smtp: smtp transaction not logged if no email is present added

Actions

#7

Updated by Jeff Lucovsky almost 3 years ago

Copied to Bug #4932: smtp: smtp transaction not logged if no email is present added

Actions

Also available in: Atom PDF