From dd786cd6e4359f260626dd1049c6a416d351e077 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Mon, 26 Jun 2023 10:57:00 -0600 Subject: [PATCH] eve/alert: warn on obsolete flags Log a warning but otherwise ignore obsolete flags under eve-log.alert. This also prevents accidentially turning off app-layer logging by attempting to disable a single protocol. These flags have been deprecated since 5.0, time to stop respecting them. Ticket: #6175 --- src/output-json-alert.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/src/output-json-alert.c b/src/output-json-alert.c index 472e6f98cd..e0ea7545ab 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -1017,20 +1017,15 @@ static void JsonAlertLogSetupMetadata(AlertJsonOutputCtx *json_output_ctx, SetFlag(conf, "http-body-printable", LOG_JSON_HTTP_BODY, &flags); SetFlag(conf, "http-body", LOG_JSON_HTTP_BODY_BASE64, &flags); - /* Check for obsolete configuration flags to enable specific - * protocols. These are now just aliases for enabling - * app-layer logging. */ - SetFlag(conf, "http", LOG_JSON_APP_LAYER, &flags); - SetFlag(conf, "tls", LOG_JSON_APP_LAYER, &flags); - SetFlag(conf, "ssh", LOG_JSON_APP_LAYER, &flags); - SetFlag(conf, "smtp", LOG_JSON_APP_LAYER, &flags); - SetFlag(conf, "dnp3", LOG_JSON_APP_LAYER, &flags); - - /* And check for obsolete configuration flags for enabling - * app-layer and flow as these have been moved under the - * metadata key. */ - SetFlag(conf, "app-layer", LOG_JSON_APP_LAYER, &flags); - SetFlag(conf, "flow", LOG_JSON_FLOW, &flags); + /* Check for obsolete flags and warn that they have no effect. */ + static const char *deprecated_flags[] = { "http", "tls", "ssh", "smtp", "dnp3", "app-layer", + "flow", NULL }; + for (int i = 0; deprecated_flags[i] != NULL; i++) { + if (ConfNodeLookupChildValue(conf, deprecated_flags[i]) != NULL) { + SCLogWarning("Found deprecated eve-log.alert flag \"%s\", this flag has no effect", + deprecated_flags[i]); + } + } const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");