Bug #13940
Firewall log parser does not handle SCTP log entries
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 23.05
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture:
Description
Tested in 22.05 / 23.01.
The firewall logs page in the webGUI does not show the following entries in /var/log/filter.log:
Feb 6 12:27:26 pfs-firewall-1 filterlog[24979]: 213,,,1663257066,vtnet8,match,block,in,4,0xa0,,254,17063,0,none,132,sctp,60,198.51.100.131,192.0.2.110,datalength=40
Updated by Jim Pingle about 2 months ago
- Subject changed from webGUI Firewall Logs do not show SCTP entries to Firewall log parser does not handle SCTP log entries
- Category changed from Web Interface to System Logs
- Target version set to 2.7.0
- Plus Target Version set to 23.05
The protocol layout isn't defined in the log parser so it doesn't know what to do with it. There is no test for protocol 132 in the block at source:src/etc/inc/syslog.inc#L1101 in parse_firewall_log_line()
There could maybe be a default test at the end to catch unknown protocols, like the IGMP section could be moved down and the protocol check removed from that, so unknown protocols just show source/destination address and no other data.
While there, that whole block should really be a switch statement and not a bunch of if/elseif checks.
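The fallback suggested in the comment above, as an added Python example (not pfSense's code from syslog.inc): protocols with a known layout get their own handler, and anything else, such as SCTP (protocol 132), still yields an entry with source and destination address instead of being dropped. The IPv4 field order, the names `parse_filterlog_line`, `HANDLERS` and `extra`, and the UDP sample line are assumptions made for this example.

```python
import re

# Syslog prefix as it appears in the entry quoted in this report.
PREFIX = re.compile(r"filterlog\[\d+\]:\s*(.*)$")

# Assumed IPv4 field order, read off the SCTP entry quoted in this report.
COMMON = ("rule", "subrule", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ipversion")
IPV4 = ("tos", "ecn", "ttl", "id", "offset", "flags",
        "protoid", "proto", "length", "srcip", "dstip")
HEADER = COMMON + IPV4

def _ports(rest, entry):
    """TCP/UDP: the two fields after the addresses are taken as the ports."""
    if len(rest) < 2:
        return False
    entry["srcport"], entry["dstport"] = rest[0], rest[1]
    return True

# Protocol number -> handler for the fields that follow the addresses.
HANDLERS = {6: _ports, 17: _ports}

def parse_filterlog_line(line):
    """Return a dict for an IPv4 filterlog entry, or None if it cannot be parsed."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = m.group(1).split(",")
    if len(fields) < len(HEADER) or fields[8] != "4":
        return None
    entry = dict(zip(HEADER, fields))
    rest = fields[len(HEADER):]
    if not entry["protoid"].isdecimal():
        return None
    handler = HANDLERS.get(int(entry["protoid"]))
    if handler is None:
        # Default branch: no layout known, keep the addresses and the raw tail.
        entry["extra"] = rest
    elif not handler(rest, entry):
        return None
    return entry

# SCTP_LINE is the entry from this report; UDP_LINE is constructed for contrast.
SCTP_LINE = ("Feb 6 12:27:26 pfs-firewall-1 filterlog[24979]: 213,,,1663257066,vtnet8,match,"
             "block,in,4,0xa0,,254,17063,0,none,132,sctp,60,198.51.100.131,192.0.2.110,datalength=40")
UDP_LINE = ("Feb 6 12:27:27 pfs-firewall-1 filterlog[24979]: 5,,,1000000103,vtnet8,match,"
            "block,in,4,0x0,,64,4321,0,none,17,udp,78,198.51.100.131,192.0.2.110,137,137,58")
```

With the default branch in place, a blocked packet of an unlisted protocol stays visible to whoever reviews the log rather than silently disappearing from the view.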
Updated by Théo Sarrazin about 1 month ago
Updated by Jim Pingle about 1 month ago
- Status changed from New to Pull Request Review