Fixed syslog false negatives. #1582

Merged
merged 1 commit into from
Jun 5, 2022

@utoni utoni commented Jun 4, 2022

Signed-off-by: lns [email protected]

@utoni force-pushed the improved/syslog-false-negatives branch from 818b992 to 90c1bf4 on June 4, 2022 19:36

@IvanNardi IvanNardi left a comment

Could you remove 514 as default port for Syslog for TCP from ndp_main.c, please?

utoni commented Jun 5, 2022

> Could you remove 514 as default port for Syslog for TCP from ndp_main.c, please?

But isn't 514 the default port for Syslog?

@IvanNardi

> > Could you remove 514 as default port for Syslog for TCP from ndp_main.c, please?
>
> But isn't 514 the default port for Syslog?

UDP, yes. No official TCP default port, AFAIK. (and 514 is reserved for RSH).

@utoni force-pushed the improved/syslog-false-negatives branch from 90c1bf4 to 9bddcbd on June 5, 2022 20:44

utoni commented Jun 5, 2022

I've decided to ignore the Syslog false positive for RSH, because this will only affect midstream flows under certain and very rare conditions.

 - RSH vs Syslog may still happen for midstream traffic

Signed-off-by: lns <[email protected]>

@utoni force-pushed the improved/syslog-false-negatives branch from 9bddcbd to ca8ac94 on June 5, 2022 20:48

sonarcloud bot commented Jun 5, 2022

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information

@utoni utoni merged commit 0b3f8ed into ntop:dev Jun 5, 2022