Fix snort rule with blank content & WR packet in alert 05/56305/1
author Eddie Arrage <eddie.arrage@huawei.com>
Tue, 24 Apr 2018 00:22:07 +0000 (00:22 +0000)
committer Eddie Arrage <eddie.arrage@huawei.com>
Tue, 24 Apr 2018 00:27:37 +0000 (00:27 +0000)
commit b6eb062e73bea5a85fbd7c43e3661208796dc360
tree 04c0f3970e1ef81c0d8e8cffa32832d41c990d71
parent 6774a5be4f59b325af1d51af3b88d06edd9f76c0
Fix snort rule with blank content & WR packet in alert

- Fix bug with addition of content field in rule definition
that causes rules with a blank content field to inhibit
snort from starting successfully.
- Write more of the packet data for snort alert into Redis
- Above includes X-Real-IP, X-Forwarded-For header fields
for http traffic from proxy that shows source IP

Some packet data is missing in alerts from snort.

Change-Id: I2c5c29e514d1ca9e8e5b9b3f7990afa87c6311b9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
samples/services/snort_ids/docker/grpc/snort_alerts.py
samples/services/snort_ids/docker/grpc/snort_server.py