Firewall log parser does not handle SCTP log entries
Pull Request Review
Plus Target Version:
Tested in 22.05 / 23.01.
The firewall logs page in the webGUI does not show the following entries in
Feb 6 12:27:26 pfs-firewall-1 filterlog: 213,,,1663257066,vtnet8,match,block,in,4,0xa0,,254,17063,0,none,132,sctp,60,198.51.100.131,192.0.2.110,datalength=40
Updated by Jim Pingle about 2 months ago
- Subject changed from webGUI Firewall Logs do not show SCTP entries to Firewall log parser does not handle SCTP log entries
- Category changed from Web Interface to System Logs
- Target version set to 2.7.0
- Plus Target Version set to 23.05
The protocol layout isn't defined in the log parser so it doesn't know what to do with it. There is no test for protocol
132 in the block at source:src/etc/inc/syslog.inc#L1101 in
There could maybe be a default test at the end to catch unknown protocols, like the IGMP section could be moved down and the protocol check removed from that, so unknown protocols just show source/destination address and no other data.
While there, that whole block should really be a switch statement and not a bunch of if/elseif checks.
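The fallback suggested in the comment above, sketched as an added example (not pfSense's code and not from this issue's pull request): a `switch` on the protocol number whose `default` branch keeps the source and destination addresses, so a blocked SCTP packet still produces a visible entry. The function name, array keys and the `unparsed` field are hypothetical; field offsets are taken from the IPv4 log line quoted in this issue, and the TCP/UDP branch assumes the source and destination ports are the first two fields after the destination address.

```php
<?php
// Added example, not pfSense code. Offsets follow the IPv4 filterlog line
// quoted in this issue; function and key names are hypothetical.
function parse_filterlog_ipv4(string $line): ?array {
    // Drop the syslog prefix and keep the CSV payload after "filterlog: ".
    $tag = 'filterlog: ';
    $pos = strpos($line, $tag);
    if ($pos === false) {
        return null;
    }
    $f = explode(',', substr($line, $pos + strlen($tag)));
    // Require the common header through the destination address (index 19)
    // and IP version 4 (index 8); other layouts are out of scope here.
    if (count($f) < 20 || $f[8] !== '4') {
        return null;
    }
    $e = [
        'rule' => $f[0], 'tracker' => $f[3], 'interface' => $f[4],
        'reason' => $f[5], 'act' => $f[6], 'direction' => $f[7],
        'protoid' => (int)$f[15], 'proto' => strtoupper($f[16]),
        'src' => $f[18], 'dst' => $f[19],
    ];
    $rest = array_slice($f, 20); // protocol-specific trailing fields
    switch ($e['protoid']) {
        case 6:  // TCP
        case 17: // UDP
            // Assumption: ports are the first two trailing fields.
            if (count($rest) >= 2) {
                $e['srcport'] = $rest[0];
                $e['dstport'] = $rest[1];
            }
            break;
        default:
            // No known layout (e.g. 132/SCTP): show addresses only and keep
            // the trailing fields verbatim so nothing is silently dropped.
            $e['unparsed'] = $rest;
            break;
    }
    return $e;
}

// Input: the SCTP entry quoted in this issue.
$sample = 'Feb 6 12:27:26 pfs-firewall-1 filterlog: 213,,,1663257066,vtnet8,'
    . 'match,block,in,4,0xa0,,254,17063,0,none,132,sctp,60,'
    . '198.51.100.131,192.0.2.110,datalength=40';
$entry = parse_filterlog_ipv4($sample);
printf("%s %s %s -> %s\n", $entry['act'], $entry['proto'], $entry['src'], $entry['dst']);
```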
Updated by Théo Sarrazin about 1 month ago
Updated by Jim Pingle about 1 month ago
- Status changed from New to Pull Request Review