[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0rc1-76-ged877c6
OISF Git
noreply at openinfosecfoundation.org
Thu Mar 6 10:26:07 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via ed877c64d1780289c3d73690aea149914877a0bb (commit)
via 6c3c234ca5583f420371bc706716e8ae1b0c5a61 (commit)
via 1fa4233d67d068fd49155e9d153011a491125833 (commit)
via 0f70e8f2250cfb2309a06d5fb5c4963230a6ccdc (commit)
via cf30adcedcff875ff547092f5b3efbdfadfeb048 (commit)
from 606e19124b3417d3bf1faa3a72eeef844eda658e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ed877c64d1780289c3d73690aea149914877a0bb
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 5 10:43:30 2014 +0100
Bug 611: fix for iponly
Fix Bug 611 for ip-only rules as well. If 'alert ip' rule has ports,
don't match on protocols that don't have ports. Like ICMP.
Bug #611.
commit 6c3c234ca5583f420371bc706716e8ae1b0c5a61
Author: Eric Leblond <eric at regit.org>
Date: Wed Mar 5 22:39:10 2014 +0100
output-json: update timestamp format
This patch updates the timestamp format used in eve logging.
It uses an ISO 8601 compatible string. This allows tools parsing
the output to easily detect and/or use the timestamp.
In the EVE JSON output, the value of the timestamp key has been
changed to 'timestamp' (instead of 'time'). This allows tools
like Splunk to detect the timestamp and use it without configuration.
Logstash configuration is simple:
input {
  file {
    path => [ "/usr/local/var/log/suricata/eve.json" ]
    codec => json
    type => "suricata-log"
  }
}
filter {
  if [type] == "suricata-log" {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
  }
}
In Splunk, auto detection of the file format is failing and it seems
you need to define a type to parse JSON in
$SPLUNK_DIR/etc/system/local/props.conf:
[suricata]
KV_MODE = json
NO_BINARY_CHECK = 1
TRUNCATE = 0
Then you can simply declare the log file in
$SPLUNK_DIR/etc/system/local/inputs.conf:
[monitor:///usr/local/var/log/suricata/eve.json]
sourcetype = suricata
In both cases the timestamps are correctly imported by
the tools.
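As an added example, not part of this commit or of Suricata's own code: a small Python reader for the new EVE 'timestamp' key that parses the ISO 8601 value and normalises it to UTC, which is what lets a collector order alerts from sensors that write local time with different offsets. The sample lines are constructed, and the exact layout (six fractional digits, numeric offset without a colon) is an assumption about what the new format looks like.

```python
"""Parse Suricata EVE JSON lines and normalise the ISO 8601 'timestamp' to UTC."""
import json
from datetime import datetime, timezone

# Constructed sample EVE lines (not real sensor output). The offsets differ on
# purpose: one sensor writes UTC, another writes local time at +0100.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2014-03-05T21:39:10.123456+0000","event_type":"alert",'
    '"src_ip":"192.0.2.10","alert":{"signature_id":2100498}}',
    '{"timestamp":"2014-03-05T22:39:09.000000+0100","event_type":"alert",'
    '"src_ip":"192.0.2.11","alert":{"signature_id":2100498}}',
    '{"timestamp":"2014-03-05T21:39:12.500000+0000","event_type":"http",'
    '"src_ip":"192.0.2.12"}',
    'not json at all',
]

# Assumed layout of the new EVE timestamp: ISO 8601 with a numeric UTC offset.
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_eve_timestamp(value):
    """Return an aware datetime converted to UTC, or None if it does not parse."""
    try:
        return datetime.strptime(value, TS_FORMAT).astimezone(timezone.utc)
    except (TypeError, ValueError):
        return None


def parse_eve_line(line):
    """Return (utc_datetime, event_dict) for a usable EVE line, else None."""
    try:
        event = json.loads(line)
    except ValueError:
        return None
    if not isinstance(event, dict):
        return None
    ts = parse_eve_timestamp(event.get("timestamp"))
    return None if ts is None else (ts, event)


def alerts_in_utc_order(lines):
    """Sort alert events by true (UTC) time, dropping malformed lines."""
    parsed = [p for p in (parse_eve_line(l) for l in lines) if p]
    alerts = [(ts, ev) for ts, ev in parsed if ev.get("event_type") == "alert"]
    alerts.sort(key=lambda p: p[0])
    return [(ts.isoformat(), ev["src_ip"]) for ts, ev in alerts]


if __name__ == "__main__":
    for ts, src in alerts_in_utc_order(SAMPLE_EVE_LINES):
        print(ts, src)
```

Note that a plain string sort of the raw values would put the +0100 event after the UTC one, although it happened a second earlier.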
commit 1fa4233d67d068fd49155e9d153011a491125833
Author: Eric Leblond <eric at regit.org>
Date: Tue Feb 4 16:33:30 2014 +0100
pfring: get vlan id from header
PF_RING is delivering the packet with VLAN header stripped. This
patch updates the code to get the information from PF_RING extended
header information.
This patch uses the new function SCKernelVersionIsAtLeast to know
that we've got an old kernel that does not strip the VLAN header from
the message before sending it to userspace.
commit 0f70e8f2250cfb2309a06d5fb5c4963230a6ccdc
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 6 08:57:35 2014 +0100
OpenBSD: set correct magic path
For all 5.x OpenBSDs it seems the magic path is:
/usr/local/share/misc/magic.mgc
commit cf30adcedcff875ff547092f5b3efbdfadfeb048
Author: Eric Leblond <eric at regit.org>
Date: Wed Mar 5 22:18:02 2014 +0100
ipfw: fix build
Buildbot reported:
runmode-ipfw.c: In function 'RunModeIpsIPFWAuto':
runmode-ipfw.c:85: error: implicit declaration of function 'LiveDeviceHasNoStats'
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 2 +-
src/detect-engine-iponly.c | 35 +++++++++++++++++++++++++++++++++++
src/output-json-alert.c | 4 ++--
src/output-json.c | 4 ++--
src/runmode-ipfw.c | 1 +
src/source-pfring.c | 40 +++++++++++++++++++++++++++++++++++++++-
src/util-time.c | 14 ++++++++++++++
src/util-time.h | 1 +
8 files changed, 95 insertions(+), 6 deletions(-)
hooks/post-receive
--
OISF