Merge pull request #11558 from Security-Onion-Solutions/excludelogfp

mark suricata 7 log line as fp fo so-log-check
2025-12-06 09:12:45 +01:00 · 2023-10-17 10:02:21 -04:00
parent 86394dab01 01cb0fccb6
commit e858a1211e
1 changed files with 2 additions and 1 deletions
--- a/salt/common/tools/sbin/so-log-check
+++ b/salt/common/tools/sbin/so-log-check
@@ -136,6 +136,7 @@ if [[ $EXCLUDE_FALSE_POSITIVE_ERRORS == 'Y' ]]; then
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|invalid query input"          # false positive (Invalid user input in hunt query)
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|example"                      # false positive (example test data)
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|status 200"                   # false positive (request successful, contained error string in content)
    EXCLUDED_ERRORS="$EXCLUDED_ERRORS|app_layer.error"              # false positive (suricata 7) in stats.log e.g. app_layer.error.imap.parser | Total | 0
 fi
 if [[ $EXCLUDE_KNOWN_ERRORS == 'Y' ]]; then