[Oisf-users] pass rule events suddenly start getting logged as alert events upon upgrade from Suricata 1.4.1 to 1.4.3

Victor Julien lists at inliniac.net
Mon Jul 8 08:46:18 UTC 2013


On 07/04/2013 12:05 AM, Kevin Branch wrote:
> Upon recently upgrading my sensors from Suricata 1.4.1 to 1.4.3, events
> that trigger my "pass" rules are now getting dumped into my unified2
> output file right alongside all the "alert" events.  Multiple sites are
> affected by this and it's filling up my event databases with unwanted
> non-alert events.  Did something change between 1.4.1 and 1.4.3 such
> that I need to do something special to keep "pass" events from being
> output to my unified2 files?  I did not change the suricata.yaml files
> at all during the upgrade process.

I can reproduce this, looking into it.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------