Bug #10185: Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #10185

closed

Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port

Added by Sean McBride over 4 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Suricata

Target version:

Start date:

01/14/2020

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

See attached screenshot. When I put a port number, like "25" in the 'destination port' field, I would expect to get matches to that exact port. But instead it's also matching substrings, like port "12539", "2570", etc.

I don't really care about random ports that are closed anyway, but I do care to see what's happening on my mail port. So even if this is deliberate, it would be nice to have an exact port matching option. I guessed possible syntaxes like "25" or +25 but they didn't work.

Files

SubstringPortMatch.png (105 KB) SubstringPortMatch.png

Sean McBride, 01/14/2020 04:18 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #10185

Suricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port

Updated by Jim Pingle over 4 years ago

Updated by Bill Meeks over 4 years ago

Updated by Sean McBride over 4 years ago

Updated by Bill Meeks over 4 years ago

Updated by Bill Meeks about 4 years ago

Updated by Jim Pingle about 4 years ago