Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

output-json: add MAC addresses to EVE-JSON logs - v9 #4968

Closed
wants to merge 1 commit into from
Closed

output-json: add MAC addresses to EVE-JSON logs - v9 #4968

wants to merge 1 commit into from

Conversation

satta
Copy link
Contributor

@satta satta commented May 21, 2020

Previous PR: #4767

Link to redmine ticket: #962

Describe changes (to previous PR):

  • Only do one call to SC_ATOMIC_SUB.
  • Use flow storage to store MacSets.
  • Add counters for maximum number of MAC addresses ( decoder.max_mac_addrs_src and decoder.max_mac_addrs_dst)

Suricata-verify tests (OISF/suricata-verify#197) have also been adapted.

@satta
output-json: add MAC address output
bdf144c 
This commit adds MAC address output to the EVE-JSON format. We follow the
remarks made in Redmine ticket OISF#962: for packets, log MAC src/dst as a
scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names
are different between flow and packet context to avoid type confusion
(src_mac vs. src_macs). Configuration approach and JSON representation is
taken from previous GitHub PR OISF#2700.
@satta satta requested review from norg and a team as code owners May 21, 2020 18:39
@satta satta mentioned this pull request May 21, 2020
Closed
victorjulien
victorjulien reviewed May 22, 2020
View reviewed changes
src/flow.c Show resolved Hide resolved
src/flow.c Show resolved Hide resolved
@satta satta mentioned this pull request May 23, 2020
Closed
@satta
Copy link
Contributor Author

satta commented May 23, 2020

New PR: #4975

@satta satta closed this May 23, 2020
@satta satta deleted the maclog-962-v9 branch August 3, 2020 08:51
catenacyber added a commit to catenacyber/suricata that referenced this pull request Sep 27, 2023
@catenacyber
quic: v2 support per rfc 9369
3031819 
Ticket: OISF#4968
catenacyber added a commit to catenacyber/suricata that referenced this pull request Oct 2, 2023
@catenacyber
quic: v2 support per rfc 9369
d583efb 
Ticket: OISF#4968
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request Oct 3, 2023
@catenacyber @victorjulien
quic: v2 support per rfc 9369
9157070 
Ticket: OISF#4968
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@satta @victorjulien