Software Update: Suricata 3.1.2

The second update for version 3.1 of Suricata has been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. It can be used to monitor network traffic and alert a system administrator if anything suspicious is detected. Development is overseen by the Open Information Security Foundation, with support from the community and various manufacturers. The with it on json Based logging system Eve collected data can be done with, among other things, log stash are used to display information graphically again at to give. The following improvements have been made in this release:

changes

• Feature #1830: support tag in eve log
• Feature #1870: make logged flow_id more unique
• Feature #1874: Support Cisco Fabric Path / DCE
• Feature #1885: eve: add option to log all dropped packets
• Feature #1886: dns: output filtering
• Bug #1849: ICMPv6 incorrect checksum alert if Ethernet FCS is present
• Bug #1853: fix dce_stub_data buffer
• Bug #1854: unified2: logging of tagged packets not working
• Bug #1856: PCAP mode device not found
• Bug #1858: Lots of TCP ‘duplicated option/DNS malformed request data’ after upgrading from 3.0.1 to 3.1.1
• Bug #1878: dns: crash while logging sshfp records
• Bug #1880: icmpv4 error packets can lead to missed detection in tcp/udp
• Bug #1884: libhtp 0.5.22

Logstash Kibana fed with information from Suricata with json output.