... event data if a packet does not exist for the event
Update Sguil output plugin (spo_sguil.c) to pull ip information from …
…the event data if a packet does not exist for the event
But beside that it seem's all good.
Seems reasonable, my only use case only hits on UNIFIED2_IDS_EVENT_VLAN, that's why it's like that.
I unserstand but technically it could also occur for those other cases. So i think its worth expending the condition if you want to generalize your patch.
btw can you send me an e-mail beenphgmail
Refine condition to hit all 3 ipv4 event types
@bradvoth: thanks, i joined this as one commit and manually merged in as 701ccc1