@ -66,7 +68,6 @@ of the filename. For example, if the SHA256 hex string of an extracted
file starts with "f9bc6d..." the file we be placed in the directory
`filestore/f9`.
The size of a file that can be stored depends on ``file-store.stream-depth``,
if this value is reached a file can be truncated and might not be stored completely.
If not enabled, ``stream.reassembly.depth`` will be considered.
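Review bot: the precedence between the two depth settings is left ambiguous at "If not enabled, ``stream.reassembly.depth`` will be considered." It does not say what "not enabled" refers to; state it explicitly, e.g. "If ``file-store.stream-depth`` is not set, ``stream.reassembly.depth`` applies instead." The preceding sentence also needs a comma and a firmer statement of the consequence: "if this value is reached, the file is truncated and the stored copy is only a prefix of the original", so readers do not treat a truncated extraction as the complete file. Unrelated to the change, the context line still has the typo "the file we be placed" (should be "will be").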
@ -103,30 +104,7 @@ logged to the ``eve`` output.
See :ref:`suricata-yaml-file-store` for more information on
configuring the file-store output.
..note:: This section documents version 2 of the ``file-store``.
File-Store (Version 1)
----------------------
..note:: File-store version 1 has been deprecated and will be removed
by June 2020. Please use file-store v2 instead. Please see
the `deprecation policy`_ for more information.
::
- file-store:
enabled: yes # set to yes to enable
log-dir: files # directory to store the files
force-magic: no # force logging magic on all stored files
force-hash: [md5] # force logging of md5 checksums
force-filestore: no # force storing of all files
stream-depth: 1mb # reassemble 1mb into a stream, set to no to disable
waldo: file.waldo # waldo file to store the file_id across runs
max-open-files: 0 # how many files to keep open (O means none)
write-meta: yes # write a .meta file if set to yes
include-pid: yes # include the pid in filenames if set to yes.
Each file that is stored will have a name "file.<id>". The id will be reset and files will be overwritten unless the waldo option is used. A "file.<id>.meta" file is generated containing file metadata if write-meta is set to yes (default). If the include-pid option is set, the files will instead have a name "file.<pid>.<id>", and metafiles will be "file.<pid>.<id>.meta". Files will additionally have the suffix ".tmp" while they are open, which is only removed when they are finalized.
..note:: This section documents version 2 of the ``file-store``. Version 1 of the file-store has been removed as of Suricata version 6.
Rules
~~~~~
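Review bot: the added note line ``..note:: This section documents version 2 ...`` is missing the space after the two dots, so reStructuredText will not parse it as a ``note`` directive and it will render as a stray paragraph (the same defect was present in the lines being removed). Use ``.. note::`` with the body indented on the following line. Since the note tells users that v1 was removed in Suricata 6, it should also point them at the migration reference used in the upgrade section, ``:ref:`filestore-update-v1-to-v2```, rather than leaving them to find it.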
@ -195,4 +173,9 @@ Suricata can calculate MD5 checksums of files on the fly and log them. See :doc:
Major updates include new features, new default settings and often also
remove features.
Upgrading 5.0 to 6.0
--------------------
Removals
~~~~~~~~
- File-store v1 has been removed. If using file extraction, the file-store configuration will need to be updated to version 2. See :ref:`filestore-update-v1-to-v2`.
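Review bot: the new bullet references ``:ref:`filestore-update-v1-to-v2```, but no ``.. _filestore-update-v1-to-v2:`` label is added anywhere in this patch, and the v1 section that would have been the natural place for it is deleted in the earlier hunk. Confirm the label exists elsewhere in the tree; otherwise Sphinx will report an undefined label and the upgrade note will render without a link. The "Removals" subsection heading is also added with a single entry; that is fine, but consider making the bullet say which config keys change (``file-store`` version and ``log-dir``/``waldo`` going away) so the reader knows what "updated to version 2" entails.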