filter != has unexpected results
Assigning a Prewikka filter of alert.target.process.name != some_value results in filtering of events where the IDMEF field alert.target.process.name does not exist.
This behavior should be modified so that fields that don't exist don't result in the event being filtered out.
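One possible cause of the behaviour reported above, as an added example that is not part of the original report or the project's code: assuming the filter is translated into a SQL comparison on an optional, left-joined column (the page does not show the generated query), `NULL != 'some_value'` evaluates to unknown and the row is dropped. Table and column names are hypothetical and the sample alerts are constructed.

```python
import sqlite3

# Constructed sample data: (alert ident, target process name).
# Alert 3 has no target process at all, so the field "does not exist".
ALERTS = [(1, "sshd"), (2, "some_value"), (3, None)]


def build_db():
    """Build an in-memory store with a hypothetical two-table layout."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert (ident INTEGER PRIMARY KEY)")
    db.execute("CREATE TABLE process (alert_ident INTEGER, name TEXT)")
    for ident, name in ALERTS:
        db.execute("INSERT INTO alert VALUES (?)", (ident,))
        if name is not None:
            db.execute("INSERT INTO process VALUES (?, ?)", (ident, name))
    return db


BASE = (
    "SELECT a.ident FROM alert a "
    "LEFT JOIN process p ON p.alert_ident = a.ident "
    "WHERE {cond} ORDER BY a.ident"
)

# Plain inequality: a missing process row yields NULL, NULL != ? is unknown,
# and the alert silently disappears from the result.
NAIVE = BASE.format(cond="p.name != ?")

# NULL-aware inequality: a missing field counts as "not equal".
NULL_AWARE = BASE.format(cond="(p.name IS NULL OR p.name != ?)")


def matching_idents(db, query, value):
    """Return the alert idents selected by the given filter query."""
    return [row[0] for row in db.execute(query, (value,))]


if __name__ == "__main__":
    db = build_db()
    print("naive     :", matching_idents(db, NAIVE, "some_value"))
    print("null-aware:", matching_idents(db, NULL_AWARE, "some_value"))
```

For detection work the practical check is to compare the count returned by a `!=` filter with the count of events that have the field unset; a gap between the two means events are being hidden from the analyst view.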
#1 Updated by Yoann VANDOORSELAERE over 17 years ago
Could you try the attached patch and tell me if it helps (it won't solve all instances of the problem though).
#2 Updated by Yoann VANDOORSELAERE over 17 years ago
- Status changed from New to Assigned
#3 Updated by over 17 years ago
This patch fixed the specific issue faced in the example.
#4 Updated by Yoann VANDOORSELAERE over 17 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed
(In r7769) Cleanup, fix #129.
#5 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to LibpreludeDB
- Category deleted (
- Target version deleted (