Bug #129: filter != has unexpected results - LibpreludeDB - UNITY 360

Bug #129

filter != has unexpected results

Added by over 17 years ago. Updated about 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Yoann VANDOORSELAERE

Target version:

0.9.4

Start date:

Due date:

% Done:

Resolution:

fixed

Description

Assigning a Prewikka filter of alert.target.process.name != some_value results in filtering of events where the IDMEF field alert.target.process.name does not exist.
This behavior should be modified so that fields that don't exist don't result in the event being filtered out.

preludedb-operator-not.diff View - Attempt at fixing one instance of the reported problem (2.59 KB) Yoann VANDOORSELAERE, 02/01/2006 01:23 PM

History

#1 Updated by Yoann VANDOORSELAERE over 17 years ago

Hi Gene,

Could you try the attached patch and tell me if it help (it won't solve all instance of the problem through).

#2 Updated by Yoann VANDOORSELAERE over 17 years ago

Status changed from New to Assigned

#3 Updated by over 17 years ago

This patch fixed the specific issue faced in the example.

#4 Updated by Yoann VANDOORSELAERE over 17 years ago

Status changed from Assigned to Closed
Resolution set to fixed

(In r7769) Cleanup, fix #129.

#5 Updated by Yoann VANDOORSELAERE about 14 years ago

Project changed from PRELUDE SIEM to LibpreludeDB
Category deleted (2)
Target version deleted (~~0.9.4~~)

Also available in: Atom PDF

Project

General

Profile

Issues