From 17ed70dcb59227dfd9bd5e2789aea13043dda6b4 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 21 May 2025 16:44:13 +0200
Subject: [PATCH] eve/schema: reformat with clang-format
---
 etc/schema.json | 201 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 134 insertions(+), 67 deletions(-)
diff --git a/etc/schema.json b/etc/schema.json
index d1a5139589..dad1e1dfe3 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -989,7 +989,8 @@
 "type": "integer"
 }
 },
- "description": "A Secure Shell fingerprint, used to verify the system\u2019s authenticity"
+ "description":
+ "A Secure Shell fingerprint, used to verify the system\u2019s authenticity"
 },
 "ttl": {
 "type": "integer"
@@ -1087,7 +1088,8 @@
 },
 "SSHFP": {
 "type": "array",
- "description": "A Secure Shell fingerprint is used to verify the system\u2019s authenticity",
+ "description":
+ "A Secure Shell fingerprint is used to verify the system\u2019s authenticity",
 "minItems": 1,
 "items": {
 "type": "object",
@@ -1113,7 +1115,8 @@
 }
 }
 },
- "desription": "DNS fields grouped by type: alternative format, no direct keywords",
+ "desription":
+ "DNS fields grouped by type: alternative format, no direct keywords",
 "suricata": {
 "keywords": false
 }
@@ -1159,7 +1162,8 @@
 },
 "rrname_truncated": {
 "type": "boolean",
- "description": "Set to true if the rrname was too long and truncated by Suricata"
+ "description":
+ "Set to true if the rrname was too long and truncated by Suricata"
 },
 "rrtype": {
 "type": "string",
@@ -1183,7 +1187,8 @@
 },
 "query": {
 "type": "array",
- "$comment": "EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.",
+ "$comment":
+ "EVE DNS v2 style query logging; as of Suricata 8 only used in DNS records when v2 logging is enabled, not used for DNS records logged as part of an event.",
 "minItems": 1,
 "items": {
 "type": "object",
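Review bot: The re-wrapped key in the `@@ -1113,7 +1115,8 @@` hunk is still spelled `"desription"`, so JSON Schema tooling treats it as an unknown keyword and the text never shows up as that object's description. Since the line is rewritten here anyway, it could become `"description":`, either in this commit or a follow-up, to keep the reformat purely mechanical. The enclosing object starts outside the hunk, so check that it does not already carry a separate `description` member before renaming, to avoid a duplicate key.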
@@ -1864,7 +1869,8 @@
 "description": "What triggered the exception"
 }
 },
- "description": "The exception policy(ies) triggered by the flow. Not logged if none was triggered"
+ "description":
+ "The exception policy(ies) triggered by the flow. Not logged if none was triggered"
 },
 "pkts_toclient": {
 "type": "integer",
@@ -2003,7 +2009,8 @@
 },
 "host": {
 "type": "string",
- "$comment": "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
+ "$comment":
+ "May change to sensor_name in the future, or become user configurable: https://redmine.openinfosecfoundation.org/issues/4919",
 "description": "the sensor-name, if configured"
 },
 "http": {
@@ -3723,7 +3730,8 @@
 },
 "password_redacted": {
 "type": "boolean",
- "description": "indicates if a password message was received but not logged due to Suricata settings"
+ "description":
+ "indicates if a password message was received but not logged due to Suricata settings"
 },
 "process_id": {
 "type": "integer"
@@ -3981,7 +3989,8 @@
 "properties": {
 "cyu": {
 "type": "array",
- "description": "ja3-like fingerprint for versions of QUIC before standardization",
+ "description":
+ "ja3-like fingerprint for versions of QUIC before standardization",
 "minItems": 1,
 "items": {
 "type": "object",
@@ -4346,12 +4355,14 @@
 "email": {
 "type": "string",
 "optional": true,
- "description": "Email address for the person responsible for the conference"
+ "description":
+ "Email address for the person responsible for the conference"
 },
 "encryption_key": {
 "type": "string",
 "optional": true,
- "description": "Field used to convey encryption keys if SDP is used over a secure channel"
+ "description":
+ "Field used to convey encryption keys if SDP is used over a secure channel"
 },
 "media_descriptions": {
 "type": "array",
@@ -4363,7 +4374,8 @@
 "properties": {
 "attributes": {
 "type": "array",
- "description": "A list of attributes specified for a media description",
+ "description":
+ "A list of attributes specified for a media description",
 "optional": true,
 "minItems": 1,
 "items": {
@@ -4388,7 +4400,8 @@
 "encryption_key": {
 "type": "string",
 "optional": true,
- "description": "Field used to convey encryption keys if SDP is used over a secure channel"
+ "description":
+ "Field used to convey encryption keys if SDP is used over a secure channel"
 },
 "media": {
 "type": "string",
@@ -4397,7 +4410,8 @@
 "media_info": {
 "type": "string",
 "optional": true,
- "description": "Media information primarily intended for labelling media streams"
+ "description":
+ "Media information primarily intended for labelling media streams"
 }
 },
 "optional": true
@@ -4410,7 +4424,8 @@
 "phone_number": {
 "type": "string",
 "optional": true,
- "description": "Phone number for the person responsible for the conference"
+ "description":
+ "Phone number for the person responsible for the conference"
 },
 "session_info": {
 "type": "string",
@@ -4446,7 +4461,8 @@
 "timezone": {
 "type": "string",
 "optional": true,
- "description": "Timezone to specify adjustments for times and offsets from the base time"
+ "description":
+ "Timezone to specify adjustments for times and offsets from the base time"
 },
 "uri": {
 "type": "string",
@@ -4867,7 +4883,8 @@
 "additionalProperties": false,
 "properties": {
 "bittorrent-dht": {
- "description": "Errors encountered parsing BitTorrent DHT protocol",
+ "description":
+ "Errors encountered parsing BitTorrent DHT protocol",
 "$ref": "#/$defs/stats_applayer_error"
 },
 "dcerpc_tcp": {
@@ -4934,11 +4951,13 @@
 "$ref": "#/$defs/stats_applayer_error"
 },
 "krb5_tcp": {
- "description": "Errors encountered parsing Kerberos v5/TCP protocol",
+ "description":
+ "Errors encountered parsing Kerberos v5/TCP protocol",
 "$ref": "#/$defs/stats_applayer_error"
 },
 "krb5_udp": {
- "description": "Errors encountered parsing Kerberos v5/UDP protocol",
+ "description":
+ "Errors encountered parsing Kerberos v5/UDP protocol",
 "$ref": "#/$defs/stats_applayer_error"
 },
 "ldap_tcp": {
@@ -5222,7 +5241,8 @@
 "properties": {
 "bittorrent-dht": {
 "type": "integer",
- "description": "Number of transactions for BitTorrent DHT protocol"
+ "description":
+ "Number of transactions for BitTorrent DHT protocol"
 },
 "dcerpc_tcp": {
 "type": "integer",
@@ -5289,11 +5309,13 @@
 },
 "krb5_tcp": {
 "type": "integer",
- "description": "Number of transactions for Kerberos v5/TCP protocol"
+ "description":
+ "Number of transactions for Kerberos v5/TCP protocol"
 },
 "krb5_udp": {
 "type": "integer",
- "description": "Number of transactions for Kerberos v5/UDP protocol"
+ "description":
+ "Number of transactions for Kerberos v5/UDP protocol"
 },
 "ldap_tcp": {
 "type": "integer",
@@ -5438,7 +5460,8 @@
 "properties": {
 "trunc_pkt": {
 "type": "integer",
- "description": "Number of packets truncated by AF_PACKET"
+ "description":
+ "Number of packets truncated by AF_PACKET"
 }
 }
 },
@@ -6147,11 +6170,13 @@
 },
 "max_frags_reached": {
 "type": "integer",
- "description": "How many times a fragment wasn't stored due to max-frags limit being reached"
+ "description":
+ "How many times a fragment wasn't stored due to max-frags limit being reached"
 },
 "max_trackers_reached": {
 "type": "integer",
- "description": "How many times a packet wasn't reassembled due to max-trackers limit being reached"
+ "description":
+ "How many times a packet wasn't reassembled due to max-trackers limit being reached"
 },
 "memuse": {
 "type": "integer",
@@ -6168,11 +6193,13 @@
 },
 "tracker_hard_reuse": {
 "type": "integer",
- "description": "Active tracker force closed before completion and reused for new tracker"
+ "description":
+ "Active tracker force closed before completion and reused for new tracker"
 },
 "tracker_soft_reuse": {
 "type": "integer",
- "description": "Finished tracker re-used from hash table before being moved to spare pool"
+ "description":
+ "Finished tracker re-used from hash table before being moved to spare pool"
 },
 "wrk": {
 "type": "object",
@@ -6232,7 +6259,8 @@
 "properties": {
 "blocked_function_errors": {
 "type": "integer",
- "description": "Counter for Lua scripts failing due to blocked functions being called"
+ "description":
+ "Counter for Lua scripts failing due to blocked functions being called"
 },
 "errors": {
 "type": "integer",
@@ -6240,7 +6268,8 @@
 },
 "instruction_limit_errors": {
 "type": "integer",
- "description": "Count of Lua rules exceeding the instruction limit"
+ "description":
+ "Count of Lua rules exceeding the instruction limit"
 },
 "memory_limit_errors": {
 "type": "integer",
@@ -6265,36 +6294,42 @@
 "app_layer": {
 "type": "object",
 "error": {
- "description": "Consolidated stats on how many times app-layer error exception policy was applied, and which one",
+ "description":
+ "Consolidated stats on how many times app-layer error exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 }
 },
 "defrag": {
 "type": "object",
 "memcap": {
- "description": "How many times defrag memcap exception policy was applied, and which one",
+ "description":
+ "How many times defrag memcap exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 }
 },
 "flow": {
 "type": "object",
 "memcap": {
- "description": "How many times flow memcap exception policy was applied, and which one",
+ "description":
+ "How many times flow memcap exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 }
 },
 "tcp": {
 "type": "object",
 "midstream": {
- "description": "How many times midstream exception policy was applied, and which one",
+ "description":
+ "How many times midstream exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 },
 "ssn_memcap": {
- "description": "How many times session memcap exception policy was applied, and which one",
+ "description":
+ "How many times session memcap exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 },
 "reassembly": {
- "description": "How many times reassembly memcap exception policy was applied, and which one",
+ "description":
+ "How many times reassembly memcap exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 }
 }
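Review bot: In this hunk `error`, `memcap`, `midstream`, `ssn_memcap` and `reassembly` sit directly beside `"type": "object"` instead of inside a `"properties"` object. A validator ignores keywords it does not know, so as far as these lines show, the `$ref` to `#/$defs/exceptionPolicy` is never applied and any value under those names passes validation. Wrapping each group, e.g. `"app_layer": { "type": "object", "properties": { "error": { ... } } }`, would make the schema check these counters. That is a behaviour change, so it belongs in a follow-up rather than this format-only commit. The parent object begins outside the hunk, so its own `properties` / `additionalProperties` settings should be confirmed first.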
@@ -6406,23 +6441,28 @@
 },
 "get_used": {
 "type": "integer",
- "description": "Number of reused flows from the hash table in case memcap was reached and spare pool was empty"
+ "description":
+ "Number of reused flows from the hash table in case memcap was reached and spare pool was empty"
 },
 "get_used_eval": {
 "type": "integer",
- "description": "Number of attempts at getting a flow directly from the hash"
+ "description":
+ "Number of attempts at getting a flow directly from the hash"
 },
 "get_used_eval_busy": {
 "type": "integer",
- "description": "Number of times a flow was found in the hash but the lock for hash bucket could not be obtained"
+ "description":
+ "Number of times a flow was found in the hash but the lock for hash bucket could not be obtained"
 },
 "get_used_eval_reject": {
 "type": "integer",
- "description": "Number of flows that were evaluated but rejected from reuse as they were still alive/active"
+ "description":
+ "Number of flows that were evaluated but rejected from reuse as they were still alive/active"
 },
 "get_used_failed": {
 "type": "integer",
- "description": "Number of times retrieval of flow from hash was attempted but was unsuccessful"
+ "description":
+ "Number of times retrieval of flow from hash was attempted but was unsuccessful"
 },
 "icmpv4": {
 "type": "integer",
@@ -6446,7 +6486,8 @@
 "properties": {
 "flows_checked": {
 "type": "integer",
- "description": "number of flows checked for timeout in the last pass"
+ "description":
+ "number of flows checked for timeout in the last pass"
 },
 "flows_evicted": {
 "type": "integer",
@@ -6454,7 +6495,8 @@
 },
 "flows_evicted_needs_work": {
 "type": "integer",
- "description": "number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work"
+ "description":
+ "number of TCP flows that were returned to the workers in case reassembly, detection, logging still needs work"
 },
 "flows_notimeout": {
 "type": "integer",
@@ -6466,7 +6508,8 @@
 },
 "full_hash_pass": {
 "type": "integer",
- "description": "number of times a full pass of the hash table was done"
+ "description":
+ "number of times a full pass of the hash table was done"
 },
 "rows_maxlen": {
 "type": "integer",
@@ -6474,7 +6517,8 @@
 },
 "rows_per_sec": {
 "type": "integer",
- "description": "number of rows to be scanned every second by a worker"
+ "description":
+ "number of rows to be scanned every second by a worker"
 }
 }
 },
@@ -6506,7 +6550,8 @@
 },
 "tcp_reuse": {
 "type": "integer",
- "description": "Number of TCP flows that were reused as they seemed to share the same flow tuple"
+ "description":
+ "Number of TCP flows that were reused as they seemed to share the same flow tuple"
 },
 "total": {
 "type": "integer",
@@ -6701,31 +6746,38 @@
 "properties": {
 "applayer_error": {
 "type": "integer",
- "description": "Number of packets dropped due to app-layer error exception policy"
+ "description":
+ "Number of packets dropped due to app-layer error exception policy"
 },
 "applayer_memcap": {
 "type": "integer",
- "description": "Number of packets dropped due to applayer memcap"
+ "description":
+ "Number of packets dropped due to applayer memcap"
 },
 "decode_error": {
 "type": "integer",
- "description": "Number of packets dropped due to decoding errors"
+ "description":
+ "Number of packets dropped due to decoding errors"
 },
 "default_app_policy": {
 "type": "integer",
- "description": "Number of packets dropped due to default app policy"
+ "description":
+ "Number of packets dropped due to default app policy"
 },
 "default_packet_policy": {
 "type": "integer",
- "description": "Number of packets dropped due to default packet policy"
+ "description":
+ "Number of packets dropped due to default packet policy"
 },
 "defrag_error": {
 "type": "integer",
- "description": "Number of packets dropped due to defragmentation errors"
+ "description":
+ "Number of packets dropped due to defragmentation errors"
 },
 "defrag_memcap": {
 "type": "integer",
- "description": "Number of packets dropped due to defrag memcap exception policy"
+ "description":
+ "Number of packets dropped due to defrag memcap exception policy"
 },
 "flow_drop": {
 "type": "integer",
@@ -6733,7 +6785,8 @@
 },
 "flow_memcap": {
 "type": "integer",
- "description": "Number of packets dropped due to flow memcap exception policy"
+ "description":
+ "Number of packets dropped due to flow memcap exception policy"
 },
 "nfq_error": {
 "type": "integer",
@@ -6745,31 +6798,38 @@
 },
 "stream_error": {
 "type": "integer",
- "description": "Number of packets dropped due to invalid TCP stream"
+ "description":
+ "Number of packets dropped due to invalid TCP stream"
 },
 "stream_memcap": {
 "type": "integer",
- "description": "Number of packets dropped due to stream memcap exception policy"
+ "description":
+ "Number of packets dropped due to stream memcap exception policy"
 },
 "stream_midstream": {
 "type": "integer",
- "description": "Number of packets dropped due to stream midstream exception policy"
+ "description":
+ "Number of packets dropped due to stream midstream exception policy"
 },
 "stream_reassembly": {
 "type": "integer",
- "description": "Number of packets dropped due to stream reassembly exception policy"
+ "description":
+ "Number of packets dropped due to stream reassembly exception policy"
 },
 "stream_urgent": {
 "type": "integer",
- "description": "Number of packets dropped due to TCP urgent flag"
+ "description":
+ "Number of packets dropped due to TCP urgent flag"
 },
 "threshold_detection_filter": {
 "type": "integer",
- "description": "Number of packets dropped due to threshold detection filter"
+ "description":
+ "Number of packets dropped due to threshold detection filter"
 },
 "tunnel_packet_drop": {
 "type": "integer",
- "description": "Number of packets dropped due to inner tunnel packet being dropped"
+ "description":
+ "Number of packets dropped due to inner tunnel packet being dropped"
 }
 },
 "description": "Number of dropped packets, grouped by drop reason"
@@ -6790,7 +6850,8 @@
 "properties": {
 "pressure": {
 "type": "integer",
- "description": "Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http"
+ "description":
+ "Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http"
 },
 "pressure_max": {
 "type": "integer",
@@ -6961,7 +7022,8 @@
 },
 "tc_urgent_oob_data": {
 "type": "integer",
- "description": "Number of Out-of-Band bytes sent by server using TCP urgent packets"
+ "description":
+ "Number of Out-of-Band bytes sent by server using TCP urgent packets"
 },
 "tcp_flags": {
 "type": "string"
@@ -6980,7 +7042,8 @@
 },
 "ts_urgent_oob_data": {
 "type": "integer",
- "description": "Number of Out-of-Band bytes sent by client using TCP urgent packets"
+ "description":
+ "Number of Out-of-Band bytes sent by client using TCP urgent packets"
 },
 "urg": {
 "type": "boolean"
@@ -7413,7 +7476,8 @@
 },
 "tx_guessed": {
 "type": "boolean",
- "description": "the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect"
+ "description":
+ "the signature that triggered this alert didn't tie to a transaction, so the transaction (and metadata) logged is a forced estimation and may not be the one you expect"
 },
 "tx_id": {
 "type": "integer"
@@ -7499,7 +7563,8 @@
 },
 "rdata_truncated": {
 "type": "boolean",
- "description": "Set to true if the rdata was too long and truncated by Suricata"
+ "description":
+ "Set to true if the rdata was too long and truncated by Suricata"
 },
 "rrname": {
 "type": "string",
@@ -7512,7 +7577,8 @@
 },
 "rrname_truncated": {
 "type": "boolean",
- "description": "Set to true if the rrname was too long and truncated by Suricata"
+ "description":
+ "Set to true if the rrname was too long and truncated by Suricata"
 },
 "rrtype": {
 "type": "string"
@@ -7584,7 +7650,8 @@
 "description": "Number of errors allocating memory"
 },
 "exception_policy": {
- "description": "How many times app-layer error exception policy was applied, and which one",
+ "description":
+ "How many times app-layer error exception policy was applied, and which one",
 "$ref": "#/$defs/exceptionPolicy"
 },
 "gap": {