From 0cd545219448f42b6975af1503425d6dc5b0540d Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Tue, 1 Oct 2019 09:30:21 -0600 Subject: [PATCH] doc: mark independent json loggers as deprecated These are the loggers such as alert-json-log, dns-json-log, etc. They are not even referenced in the default configuration file, and are easily replaced with multiple eve instances. --- doc/userguide/output/eve/eve-json-output.rst | 46 +++++--------------- 1 file changed, 10 insertions(+), 36 deletions(-) diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst index 77feb21905..b989b1d2d6 100644 --- a/doc/userguide/output/eve/eve-json-output.rst +++ b/doc/userguide/output/eve/eve-json-output.rst 
@@ -314,43 +314,14 @@ It is possible to have multiple 'EVE' instances, for example the following is va So here the alerts and drops go into 'eve-ips.json', while http, dns and tls go into 'eve-nsm.json'. -In addition to this, each log can be handled completely separately: +With the exception of ``drop``, you can specify multiples of the same +logger type, however, ``drop`` can only be used once. -:: - - outputs: - - alert-json-log: - enabled: yes - filename: alert-json.log - - dns-json-log: - enabled: yes - filename: dns-json.log - - drop-json-log: - enabled: yes - filename: drop-json.log - - http-json-log: - enabled: yes - filename: http-json.log - - ssh-json-log: - enabled: yes - filename: ssh-json.log - - tls-json-log: - enabled: yes - filename: tls-json.log - -For most output types, you can add multiple: - -:: - - outputs: - - alert-json-log: - enabled: yes - filename: alert-json1.log - - alert-json-log: - enabled: yes - filename: alert-json2.log - -Except for ``drop`` for which only a single logger instance is supported. +.. note:: The use of independent json loggers such as alert-json-log, + dns-json-log, etc. has been deprecated and will be removed + by June 2020. Please use multiple eve-log instances as + documented above instead. Please see the `deprecation + policy`_ for more information. File permissions ~~~~~~~~~~~~~~~~ @@ -460,3 +431,6 @@ YAML:: community-id: false # Seed value for the ID output. Valid values are 0-65535. community-id-seed: 0 + + +.. _deprecation policy: https://suricata-ids.org/about/deprecation-policy/
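Review bot: In the first hunk (@@ -314,43 +314,14 @@), the added sentence "With the exception of ``drop``, you can specify multiples of the same logger type, however, ``drop`` can only be used once." states the drop restriction twice and joins its clauses with a comma splice. One statement is enough, for example "You can specify multiples of the same logger type, except ``drop``, which can only be used once." The hunk also deletes the alert-json1.log / alert-json2.log example, the only visible illustration of repeating a logger type, while the new note tells readers to use "multiple eve-log instances as documented above". The context shown here only describes splitting different types between eve-ips.json and eve-nsm.json, so a short eve-log equivalent of the removed example would make the migration path concrete. Finally, the deprecated names in the note (alert-json-log, dns-json-log) are plain text while ``drop`` is marked up as a literal. Use the same markup for both.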
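Review bot: In the second hunk (@@ -460,3 +431,6 @@), the ".. _deprecation policy:" target is appended at the very end of the file, directly after the community-id YAML example and more than a hundred lines away from the note near line 320 that references it. Defining the target immediately after the note, or using an inline link in the note itself, would keep the reference and its URL together if either section is later moved or trimmed. If the end-of-file placement is kept, a single blank line before the target is enough. The hunk adds two.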