Project

General

Profile

Actions

Bug #4109

closed

squid package doesn't include hostname when logging remotely

Added by Patrick Hieber almost 10 years ago. Updated almost 10 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
12/13/2014
Due date:
% Done:

0%

Estimated time:
1.00 h
Plus Target Version:
Affected Version:
2.1.5
Affected Plus Version:
Affected Architecture:

Description

Squid doesn't include the hostname when logging remotely (e.g.):

<33>Dec 13 13:40:18 snort2160: [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [Classification: Unknown Traffic] [Priority: 3] {TCP} 192.168.2.1:80 -> 192.168.2.102:21832

But it should include the hostname between the date and the process (snort) in this case.

Actions #1

Updated by Jim Pingle almost 10 years ago

  • Status changed from New to Rejected

Squid/snort inconsistencies in the report aside, syslog does not include that. It's up to the remote system to identify it by the source IP of the log data and put it in the logs entries.

Actions #2

Updated by Patrick Hieber almost 10 years ago

sorry - snort not squid ;)
The remote system can detect the sender, of cause. But if you ommit the hostname, it's not syslog (RFC)! Also, other processes correctly include the hostname and it should also be contained in the snort logs to be consistent.

Actions

Also available in: Atom PDF