From a71dee5516276a90319682b38d100d5196a02436 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 24 May 2023 13:15:55 -0600 Subject: [PATCH] doc/userguide: merge logging changes in 7.0 upgrade notes Two "Logging changes" sections existed, merge. --- doc/userguide/upgrade.rst | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index f1e8b7233d..9cd66b2ab1 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -57,6 +57,9 @@ Logging changes ``ike.ikev2.errors`` and ``ike.ikev2.notify``. - FTP DATA metadata for alerts are now logged in ``ftp_data`` instead of root. - Alert ``xff`` field is now logged as ``alert.xff`` for alerts instead of at the root. +- Protocol values and their names are built into Suricata instead of using the system's ``/etc/protocols`` file. Some names and casing may have changed + in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values. + See https://redmine.openinfosecfoundation.org/issues/4267 for more information. Other changes ~~~~~~~~~~~~~ @@ -66,12 +69,6 @@ Other changes - SWF decompression in http has been disabled by default. To change the default see :ref:`suricata-yaml-configure-libhtp`. Users with configurations from previous releases may want to modify their config to match the new default. See https://redmine.openinfosecfoundation.org/issues/5632 for more information. -Logging changes -~~~~~~~~~~~~~~~ -- Protocol values and their names are built into Suricata instead of using the system's ``/etc/protocols`` file. Some names and casing may have changed - in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values. - See https://redmine.openinfosecfoundation.org/issues/4267 for more information. - Upgrading 5.0 to 6.0 -------------------- - SIP now enabled by default
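Review bot: The bullet added in the first hunk of doc/userguide/upgrade.rst (under "Logging changes") is moved verbatim and still reads "in the values ``proto`` in ``eve.json`` log entries", which is hard to parse. Since the line is being touched anyway, consider rewording it to something like "in the ``proto`` field of ``eve.json`` log entries". The bullet also only says that "some names and casing may have changed" without giving an instance, so anyone who filters or alerts on ``proto`` strings has to follow the Redmine link to find out what to re-check after upgrading. One before/after example of a changed name in the bullet itself would make the note actionable. The second hunk, which drops the duplicate "Logging changes" heading and its bullet, needs no change.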