Version 4.1.1 of Suricata has been released. Suricata is an open source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. It can be used to monitor network traffic and alert a system administrator if anything suspicious is detected. The Open Information Security Foundation coordinates the development, with help from the community and various vendors. Data collected through its JSON-based logging system, EVE, can be fed into tools such as Logstash to present the information graphically. The changelog for this release looks like this:
- #2637: af-packet: improve error output for BPF loading failure
- #2671: Add Log level to suricata.log when using JSON type
- Bundled Suricata Update was updated to 1.0.1
- #2502: suricata.c ConfigGetCaptureValue – PCAP/AFP fallthrough to strip_trailing_plus
- #2528: krb parser not always parsing tgs responses
- #2633: Improve error handling in AF_PACKET
- #2653: llc detection failure in configure.ac
- #2677: coverity: ja3 potential memory leak
- #2679: build with profiling enabled on generates compile warnings
- #2704: DNSv1 for Rust enabled builds.
- #2705: configure: Test for PyYAML and disable suricata-update if not installed.
- #2716: Stats interval is 1 second too early each tick
- #2717: nfs related panic in 4.1
- #2719: Failed Assertion, Suricata Abort – util-mpm-hs.c line 163 (4.1.x)
- #2723: dns v2 json output should always set top-level rrtype in responses
- #2730: rust/dns/lua – The Lua calls for DNS values when using Rust don’t behave the same as the C implementation.
- #2731: multiple instances of transaction loggers are broken
- #2734: unix runmode deadlock when using too many threads
Logstash/Kibana fed with information from Suricata's JSON output.
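The EVE JSON output mentioned above writes one JSON object per line; the following added example (not code from the Suricata project or from this announcement) parses such a log offline and summarizes alerts per signature, tolerating damaged lines. The log lines, signature IDs and signature names are constructed for the example; the field names follow the EVE format.

```python
import json
from collections import Counter

# Constructed sample of EVE JSON lines; field names follow the EVE format,
# the addresses, signature IDs and signature text are made up for this example.
SAMPLE_EVE_LOG = """\
{"timestamp":"2018-12-20T10:00:01.000000+0100","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":1000001,"signature":"EXAMPLE suspicious response","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-12-20T10:00:02.000000+0100","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2018-12-20T10:00:03.000000+0100","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":1000001,"signature":"EXAMPLE suspicious response","category":"Potentially Bad Traffic","severity":2}}
this line is not json and must be skipped
{"timestamp":"2018-12-20T10:00:04.000000+0100","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","proto":"UDP","alert":{"signature_id":1000002,"signature":"EXAMPLE low priority policy hit","category":"Policy","severity":3}}
"""


def parse_eve(text):
    """Yield EVE records from newline-delimited JSON, skipping unparsable lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupted line: skip rather than abort
        # Every EVE record carries event_type (alert, dns, flow, ...).
        if isinstance(record, dict) and "event_type" in record:
            yield record


def summarize_alerts(records, max_severity=2):
    """Count alert events per (signature_id, signature) at or above a priority.

    In EVE, severity 1 is the highest priority, so records with a severity
    number greater than max_severity are dropped from the summary.
    """
    counts = Counter()
    for record in records:
        if record.get("event_type") != "alert":
            continue
        alert = record.get("alert", {})
        if alert.get("severity", 3) > max_severity:
            continue
        counts[(alert.get("signature_id"), alert.get("signature"))] += 1
    return counts


if __name__ == "__main__":
    for (sid, name), n in summarize_alerts(parse_eve(SAMPLE_EVE_LOG)).items():
        print(f"{n:4d}  sid={sid}  {name}")
```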