[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0rc1-76-ged877c6

OISF Git noreply at openinfosecfoundation.org
Thu Mar 6 10:26:07 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  ed877c64d1780289c3d73690aea149914877a0bb (commit)
       via  6c3c234ca5583f420371bc706716e8ae1b0c5a61 (commit)
       via  1fa4233d67d068fd49155e9d153011a491125833 (commit)
       via  0f70e8f2250cfb2309a06d5fb5c4963230a6ccdc (commit)
       via  cf30adcedcff875ff547092f5b3efbdfadfeb048 (commit)
      from  606e19124b3417d3bf1faa3a72eeef844eda658e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ed877c64d1780289c3d73690aea149914877a0bb
Author: Victor Julien <victor at inliniac.net>
Date:   Wed Mar 5 10:43:30 2014 +0100

    Bug 611: fix for iponly
    Fix Bug 611 for ip-only rules as well. If 'alert ip' rule has ports,
    don't match on protocols that don't have ports. Like ICMP.
    Bug #611.

commit 6c3c234ca5583f420371bc706716e8ae1b0c5a61
Author: Eric Leblond <eric at regit.org>
Date:   Wed Mar 5 22:39:10 2014 +0100

    output-json: update timestamp format
    This patch updates the timestamp format used in eve loggin.
    It uses a ISO 8601 comptatible string. This allow tools parsing
    the output to easily detect adn/or use the timestamp.
    In the EVE JSON output, the value of the timestamp key has been
    changed to 'timestamp' (instead of 'time'). This allows tools
    like Splunk to detect the timestamp and use it without configuration.
    Logstash configuration is simple:
    input {
       file {
          path => [ "/usr/local/var/log/suricata/eve.json" ]
          codec =>   json
          type => "suricata-log"
    filter {
       if [type] == "suricata-log" {
          date {
            match => [ "timestamp", "ISO8601" ]
    In splunk, auto detection of the fle format is failling and it seems
    you need to define a type to parse JSON in
    KV_MODE = json
    TRUNCATE = 0
    Then you can simply declare the log file in
    sourcetype = suricata
    In both cases the timestamp are correctly imported by
    the tools.

commit 1fa4233d67d068fd49155e9d153011a491125833
Author: Eric Leblond <eric at regit.org>
Date:   Tue Feb 4 16:33:30 2014 +0100

    pfring: get vlan id from header
    PF_RING is delivering the packet with VLAN header stripped. This
    patch updates the code to get the information from PF_RING extended
    header information.
    This patch uses the new function SCKernelVersionIsAtLeast to know
    that we've got a old kernel that do not strip the VLAN header from
    the message before sending it to userspace.

commit 0f70e8f2250cfb2309a06d5fb5c4963230a6ccdc
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Mar 6 08:57:35 2014 +0100

    OpenBSD: set correct magic path
    For all 5.x OpenBSDs it seems the magic path is:

commit cf30adcedcff875ff547092f5b3efbdfadfeb048
Author: Eric Leblond <eric at regit.org>
Date:   Wed Mar 5 22:18:02 2014 +0100

    ipfw: fix build
    Buildbot reported:
     runmode-ipfw.c: In function 'RunModeIpsIPFWAuto':
     runmode-ipfw.c:85: error: implicit declaration of function 'LiveDeviceHasNoStats'


Summary of changes:
 configure.ac               |    2 +-
 src/detect-engine-iponly.c |   35 +++++++++++++++++++++++++++++++++++
 src/output-json-alert.c    |    4 ++--
 src/output-json.c          |    4 ++--
 src/runmode-ipfw.c         |    1 +
 src/source-pfring.c        |   40 +++++++++++++++++++++++++++++++++++++++-
 src/util-time.c            |   14 ++++++++++++++
 src/util-time.h            |    1 +
 8 files changed, 95 insertions(+), 6 deletions(-)


More information about the Oisf-devel mailing list