Actions
Bug #10185
closedSuricata 'Alert Log View Filter' undesirably port matches substrings instead of exact port
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Suricata
Target version:
-
Start date:
01/14/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
See attached screenshot. When I put a port number, like "25" in the 'destination port' field, I would expect to get matches to that exact port. But instead it's also matching substrings, like port "12539", "2570", etc.
I don't really care about random ports that are closed anyway, but I do care to see what's happening on my mail port. So even if this is deliberate, it would be nice to have an exact port matching option. I guessed possible syntaxes like "25" or +25 but they didn't work.
Files
Actions