Bug #13940

open

Firewall log parser does not handle SCTP log entries

Added by Marcos M about 2 months ago. Updated about 1 month ago.

Status: Pull Request Review
Priority: Normal
Assignee: -
Category: System Logs
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 23.05
Release Notes: Default
Affected Version: 2.6.0
Affected Architecture:
Description

Tested in 22.05 / 23.01.

The firewall logs page in the webGUI does not show the following entries in /var/log/filter.log:

Feb  6 12:27:26 pfs-firewall-1 filterlog[24979]: 213,,,1663257066,vtnet8,match,block,in,4,0xa0,,254,17063,0,none,132,sctp,60,198.51.100.131,192.0.2.110,datalength=40

#1

Updated by Jim Pingle about 2 months ago

  • Subject changed from webGUI Firewall Logs do not show SCTP entries to Firewall log parser does not handle SCTP log entries
  • Category changed from Web Interface to System Logs
  • Target version set to 2.7.0
  • Plus Target Version set to 23.05

The protocol layout isn't defined in the log parser so it doesn't know what to do with it. There is no test for protocol 132 in the block at source:src/etc/inc/syslog.inc#L1101 in parse_firewall_log_line().

There could maybe be a default test at the end to catch unknown protocols, like the IGMP section could be moved down and the protocol check removed from that, so unknown protocols just show source/destination address and no other data.

While there, that whole block should really be a switch statement and not a bunch of if/elseif checks.
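The switch-with-default structure suggested in the comment above, as an added example that is not part of the original comment and is not pfSense's own code. The function name `parse_filterlog_line_example()` is hypothetical, only IPv4 entries are handled, and the field positions are assumed from the sample line in this report plus the usual filterlog layout where TCP/UDP ports follow the destination address.

```php
<?php
// Added example: hypothetical function, not pfSense's parse_firewall_log_line().
// IPv4-only; field positions are assumed from the sample line in this report.
function parse_filterlog_line_example(string $line): ?array {
    // Split the syslog prefix from the CSV payload written by filterlog.
    if (!preg_match('/filterlog\[\d+\]:\s*(.*)$/', $line, $m)) {
        return null;
    }
    $f = explode(',', $m[1]);
    if (count($f) < 20 || $f[8] !== '4') {
        return null; // truncated entry or not IPv4: outside this example's scope
    }
    $entry = [
        'rule'      => $f[0],
        'tracker'   => $f[3],
        'interface' => $f[4],
        'reason'    => $f[5],
        'act'       => $f[6],
        'direction' => $f[7],
        'protoid'   => (int)$f[15],
        'proto'     => strtoupper($f[16]),
        'srcip'     => $f[18],
        'dstip'     => $f[19],
    ];
    switch ($entry['protoid']) {
        case 6:   // TCP
        case 17:  // UDP
            // Assumed layout: ports follow the destination address.
            $entry['srcport'] = $f[20] ?? '';
            $entry['dstport'] = $f[21] ?? '';
            break;
        default:
            // No layout defined (e.g. 132/SCTP): keep the addresses only,
            // so a blocked packet still appears in the log view.
            break;
    }
    return $entry;
}

// The log entry from this report.
$line = 'Feb  6 12:27:26 pfs-firewall-1 filterlog[24979]: 213,,,1663257066,vtnet8,match,block,in,4,0xa0,,254,17063,0,none,132,sctp,60,198.51.100.131,192.0.2.110,datalength=40';
print_r(parse_filterlog_line_example($line));
```

With the default branch in place, the SCTP entry is returned with its action, interface and source/destination addresses and no port fields.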

#3

Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review