Bug #6092
Closed
eve/alert: missing pgsql metadata
Updated by Philippe Antoine over 1 year ago
- Copied from Bug #5977: eve/alert: missing KRB5 metadata added
Updated by Philippe Antoine 12 months ago
- Related to Optimization #3827: clean up logging initialization code added
Updated by Juliana Fajardini Reichow 7 months ago
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
- Target version changed from TBD to 8.0.0-beta1
Updated by Juliana Fajardini Reichow 7 months ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/10830
Updated by Juliana Fajardini Reichow 7 months ago
- Status changed from In Review to Closed
Merged with PR https://github.com/OISF/suricata/pull/10856
Updated by Philippe Antoine 7 months ago
@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one?
Updated by Juliana Fajardini Reichow 7 months ago
Philippe Antoine wrote in #note-6:
@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one?
No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?
Updated by Philippe Antoine 7 months ago
Juliana Fajardini Reichow wrote in #note-7:
No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?
I think you do not need events for this.
You can see for instance commit 4d2bd8cc38bb8d78cb8c473e831cb41140e3a80c in SV, about test output-eve-tftp-01 adding a check for an alert event with some tftp details
Updated by Juliana Fajardini Reichow 7 months ago
Philippe Antoine wrote in #note-8:
Juliana Fajardini Reichow wrote in #note-7:
No, I haven't finished work on PGSQL events yet. I only followed the approach as seen for MQTT, for proposing a solution for this ticket. Should I reopen this ticket?
I think you do not need events for this.
You can see for instance commit 4d2bd8cc38bb8d78cb8c473e831cb41140e3a80c in SV, about test output-eve-tftp-01 adding a check for an alert event with some tftp details
But would that work without detection capabilities for pgsql? :/
Updated by Juliana Fajardini Reichow 6 months ago
Philippe Antoine wrote in #note-10:
I guess so: there is no tftp keyword
Thanks, I was trying and my tests were failing, but turns out that I (once again) had forgotten to add alert event types to my EVE logs ;_;
Updated by Juliana Fajardini Reichow 6 months ago
- Related to Bug #6983: alert/metadata: no pgsql object encapsulation added
Updated by Juliana Fajardini Reichow 6 months ago
Philippe Antoine wrote in #note-10:
I guess so: there is no tftp keyword
Philippe Antoine wrote in #note-6:
@Juliana Fajardini Reichow I do not see a SV test with an alert event and pgsql metadata
Is there one?
Does this work? https://github.com/OISF/suricata-verify/pull/1796