From ab26323a96b5b72139e64202d3a8f0fb7ff46dd5 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Thu, 29 Aug 2024 08:31:05 -0600 Subject: [PATCH] http-log: deprecate http-log is now deprecated and will be removed in Suricata 9.0. Display a deprecation notice on use, and add notes to the userguide. Issue: #6543 --- doc/userguide/configuration/suricata-yaml.rst | 3 +++ doc/userguide/output/custom-http-logging.rst | 3 +++ doc/userguide/upgrade.rst | 4 ++++ src/log-httplog.c | 1 + suricata.yaml.in | 10 ---------- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 4c0516e088..75cf05a7af 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -424,6 +424,9 @@ Example: A line based log of HTTP requests (http.log) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. attention:: http-log is deprecated in Suricata 8.0 and will be + removed in Suricata 9.0. + This log keeps track of all HTTP-traffic events. It contains the HTTP request, hostname, URI and the User-Agent. This information will be stored in the http.log (default name, in the suricata log diff --git a/doc/userguide/output/custom-http-logging.rst b/doc/userguide/output/custom-http-logging.rst index e4ab407643..3b683337e8 100644 --- a/doc/userguide/output/custom-http-logging.rst +++ b/doc/userguide/output/custom-http-logging.rst @@ -1,6 +1,9 @@ Custom http logging =================== +.. attention:: http-log is deprecated in Suricata 8.0 and will be + removed in Suricata 9.0. + In your Suricata.yaml, find the http-log section and edit as follows: diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index e8d811e69f..591ca986ea 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -76,6 +76,10 @@ Removals ~~~~~~~~ - The ssh keywords ``ssh.protoversion`` and ``ssh.softwareversion`` have been removed. +Deprecations +~~~~~~~~~~~~ +- The ``http-log`` output is now deprecated and will be removed in Suricata 9.0. + Upgrading 6.0 to 7.0 -------------------- diff --git a/src/log-httplog.c b/src/log-httplog.c index ee561f5609..8784810072 100644 --- a/src/log-httplog.c +++ b/src/log-httplog.c @@ -547,6 +547,7 @@ TmEcode LogHttpLogThreadDeinit(ThreadVars *t, void *data) * */ OutputInitResult LogHttpLogInitCtx(ConfNode *conf) { + SCLogWarning("The http-log output has been deprecated and will be removed in Suricata 9.0."); OutputInitResult result = { NULL, false }; LogFileCtx* file_ctx = LogFileNewCtx(); if(file_ctx == NULL) { diff --git a/suricata.yaml.in b/suricata.yaml.in index 3aacfc569f..a8a63ec357 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -352,16 +352,6 @@ outputs: # state-update: false # log packets triggering a TCP state update # spurious-retransmission: false # log spurious retransmission packets - # a line based log of HTTP requests (no alerts) - - http-log: - enabled: no - filename: http.log - append: yes - #extended: yes # enable this for extended logging information - #custom: yes # enable the custom logging format (defined by customformat) - #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P" - #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' - # a line based log of TLS handshake parameters (no alerts) - tls-log: enabled: no # Log TLS connections.