An entry in the logs (iso_cotp.log and s7comm.log) cannot be associated with the sender of the message. Since each s7comm packet causes an entry, this additional information would be very helpful.
Example:
This PCAP generates the following iso_cotp.log:
The first log entry was caused by 134.249.62.206 and the second one by 134.249.61.163. This is not clear from analyzing the log file.
Suggestion: Adding a new column/attribute in each log type (iso_cotp.log and s7comm.log) for the is_orig parameter, which is already passed by the event but not used.
Edit: I can also create the pull request with the adjustments. Of course, only if you agree.
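To show what the proposed is_orig column buys an analyst, here is an added Python example (not code from the issue or from the analyzer) that parses a constructed Zeek-style iso_cotp.log and derives each entry's sender from id.orig_h/id.resp_h plus is_orig; the pdu_type field and the uid values are assumptions, only the two IPs come from the report.

```python
from typing import Dict, List, Optional

# Constructed sample in Zeek's TSV log format, with the is_orig column the
# issue proposes. First PDU is sent by the originator, second by the responder.
SAMPLE_WITH_IS_ORIG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tis_orig\tpdu_type
#types\ttime\tstring\taddr\tport\taddr\tport\tbool\tstring
1.0\tCabc1\t134.249.62.206\t49152\t134.249.61.163\t102\tT\tCR
1.1\tCabc1\t134.249.62.206\t49152\t134.249.61.163\t102\tF\tCC
"""

# Same two entries as the log looks today: no direction information at all.
SAMPLE_WITHOUT_IS_ORIG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tpdu_type
#types\ttime\tstring\taddr\tport\taddr\tport\tstring
1.0\tCabc1\t134.249.62.206\t49152\t134.249.61.163\t102\tCR
1.1\tCabc1\t134.249.62.206\t49152\t134.249.61.163\t102\tCC
"""


def parse_zeek_log(text: str) -> List[Dict[str, str]]:
    """Parse a Zeek TSV log into dicts keyed by the #fields header."""
    fields: Optional[List[str]] = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#"):
            continue  # other metadata lines (#separator, #types, ...)
        else:
            if fields is None:
                raise ValueError("data row before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def sender_of(entry: Dict[str, str]) -> Optional[str]:
    """Return the host that sent this PDU, or None if the direction is unknown."""
    flag = entry.get("is_orig")
    if flag == "T":
        return entry["id.orig_h"]
    if flag == "F":
        return entry["id.resp_h"]
    return None  # column missing or unset ('-'): attribution is ambiguous


def attribute_senders(text: str) -> List[Optional[str]]:
    """Sender IP per log entry; None where the log cannot tell us."""
    return [sender_of(e) for e in parse_zeek_log(text)]
```

With the column present, each entry resolves to one of the two hosts; without it the conn id tuple alone leaves every entry unattributed.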