Bug #4109

squid package doesn't include hostname when logging remotely

Added by Patrick Hieber over 5 years ago. Updated over 5 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Snort
Target version: -
Start date: 12/13/2014
Due date:
% Done: 0%
Estimated time: 1.00 h
Affected Version: 2.1.5
Affected Architecture:
Description

Squid doesn't include the hostname when logging remotely (e.g.):

<33>Dec 13 13:40:18 snort2160: [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [Classification: Unknown Traffic] [Priority: 3] {TCP} 192.168.2.1:80 -> 192.168.2.102:21832

But it should include the hostname between the date and the process (snort) in this case.

History

#1 Updated by Jim Pingle over 5 years ago

  • Status changed from New to Rejected

Squid/snort inconsistencies in the report aside, syslog does not include that. It's up to the remote system to identify it by the source IP of the log data and put it in the log entries.

#2 Updated by Patrick Hieber over 5 years ago

Sorry - snort, not squid ;)
The remote system can detect the sender, of course. But if you omit the hostname, it's not syslog (RFC)! Also, other processes correctly include the hostname and it should also be contained in the snort logs to be consistent.
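
The collector-side handling discussed in this thread, as an added example that is not part of the original report or of the project's code: it parses the log line from the description, detects that no hostname field was sent, and attributes the entry to the sender's address instead. The function name `normalize`, the sender address `192.0.2.10`, the second sample line and the "first token ending in a colon is the tag" heuristic are assumptions made for illustration.

```python
import re

# <PRI>, BSD-style timestamp ("Dec 13 13:40:18"), then everything else.
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)
# A tag token: program name, optional [pid], terminated by a colon.
TAG = re.compile(r"^([^\s:\[\]]+)(?:\[(\d+)\])?:$")

# Log line quoted in the bug description.
PAGE_LINE = ("<33>Dec 13 13:40:18 snort2160: [120:3:1] (http_inspect) NO CONTENT-LENGTH "
             "OR TRANSFER-ENCODING IN HTTP RESPONSE [Classification: Unknown Traffic] "
             "[Priority: 3] {TCP} 192.168.2.1:80 -> 192.168.2.102:21832")
# Constructed line that does carry a hostname field, for comparison.
WITH_HOST = "<33>Dec 13 13:40:18 fw01 snort[2160]: [120:3:1] (http_inspect) constructed sample"


def normalize(line, sender_ip):
    """Parse one syslog datagram; fall back to the sender's IP if no hostname was sent."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("missing <PRI> or timestamp")
    pri, timestamp, rest = int(m.group(1)), m.group(2), m.group(3)
    first, _, after_first = rest.partition(" ")
    tag = TAG.match(first)
    if tag:
        # Heuristic (assumption): a first token ending in ':' is the tag, so the
        # hostname field was omitted and the sender address identifies the source.
        host, host_in_message, msg = sender_ip, False, after_first
    else:
        host, host_in_message = first, True
        second, _, after_second = after_first.partition(" ")
        tag = TAG.match(second)
        msg = after_second if tag else after_first
    return {
        "facility": pri >> 3,   # 33 >> 3 == 4
        "severity": pri & 7,    # 33 & 7 == 1
        "timestamp": timestamp,
        "host": host,
        "host_in_message": host_in_message,
        "tag": tag.group(1) if tag else None,
        "pid": tag.group(2) if tag else None,
        "msg": msg,
    }


if __name__ == "__main__":
    for sample in (PAGE_LINE, WITH_HOST):
        print(normalize(sample, "192.0.2.10"))  # constructed sender address
```

Keeping the `host_in_message` flag in the stored record lets later analysis distinguish a hostname claimed by the sender from one inferred from the packet's source address.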
