How to filter out security scanning from logs from DicomService #1770
Unanswered
fredrikcarlbom
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We use fo-dicom for both SCP and SCU and I'd like to get rid of some false positives for our StoreScp which extends DicomService. For our production environment we are running a port and TCP scanner which tries to communicate with all ports and depending on listening service sends different data. This results in quite a lot of logs that I'd like to filter out but I feel restricted in what kind of filtering I am able to do.
My initial though was to look at source IP to determine if the traffic originated from the security scanner and if it did, either not log at all or avoid logging it as errors. I do not see any good way of doing this though. I don't find any information about source IP in the exceptions that are sent to ILogger and I do not see any way of capturing relevant exceptions by extending/overriding parts of DicomService.
The logging I'd like to get rid of is:
Exception processing PDU - FellowOakDicom.Network.DicomNetworkException: Unknown PDU type: Value varies
at FellowOakDicom.Network.DicomService.ListenAndProcessPDUAsync() - DicomService.cs#517
Does anyone have any suggestion how to filter out this message?
Beta Was this translation helpful? Give feedback.
All reactions