]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 085eb9f) | patch
eve/ssh: change hassh logging format
authorVictor Julien <victor@inliniac.net>
Fri, 24 Jul 2020 08:49:20 +0000 (10:49 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 24 Jul 2020 11:27:41 +0000 (13:27 +0200)
commit00cc3c7374feaf735a45fd5ecffa30bb59517544
tree7c24e7e848b7432331156c2d2afb396bdcff8704tree
parent085eb9fc8e27fc81344092f041a21146b5c63ddfcommit | diff
eve/ssh: change hassh logging format

Elastic search didn't accept the 'hassh' and 'hassh.string'. It would
see the first 'hassh' as a string and split the second key into a
object 'hassh' with a string member 'string'. So two different types
for 'hassh', so it rejected it.

This patch mimics the ja3(s) logging by creating a 'hassh' object
with 2 members: 'hash', which holds the md5 representation, and
'string' which holds the string representation.
doc/userguide/output/eve/eve-json-format.rst diff | blob | blame | history
rust/src/ssh/logger.rs diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git