suricata

Commit Graph

Author	SHA1	Message	Date
Jason Ish	e71f2b22fa	doc: add removal of individual json loggers Add link to multiple eve instances as a replacement for this feature.	5 years ago
Sascha Steinbiss	4e1a41a17d	output-json: add MAC address output This commit adds MAC address output to the EVE-JSON format. We follow the remarks made in Redmine ticket #962: for packets, log MAC src/dst as a scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names are different between flow and packet context to avoid type confusion (src_mac vs. src_macs). Configuration approach and JSON representation is taken from previous GitHub PR #2700.	5 years ago
Jeff Lucovsky	a5d30a3220	doc/output: Document multithreaded eve option	5 years ago
Jason Ish	718fcbb682	doc: document eve/dns v2 as the default Adds eve/dns v2 format documentation. Update legacy format to require the version field.	5 years ago
Jeff Lucovsky	17c3e22ecd	doc/eve.alert: Expand metadata description	5 years ago
Jason Ish	0cd5452194	doc: mark independent json loggers as deprecated This is the loggers such as alert-json-log, dns-json-log, etc. They are not even referenced in the default configuration file, and are easily replaced with multiple eve instances.	6 years ago
Victor Julien	df325d63ea	doc/eve.anomaly: fix indent and general formatting	6 years ago
Jeff Lucovsky	075592b66f	doc: Simplified anomaly configuration settings	6 years ago
Jeff Lucovsky	aaacbf28c2	logging/anomaly: Support configuration filter types	6 years ago
Mats Klepsland	800608ab65	userguide: add JA3S fields to the TLS logger documentation	6 years ago
Jeff Lucovsky	8a94b93b7b	doc: Anomaly logging documentation This changeset adds discussion of anomaly log records and the anomaly log record format.	6 years ago
Victor Julien	c47164ebc8	doc: add table for custom values of eve/http	6 years ago
Victor Julien	473688746b	doc/eve: add community id	6 years ago
Pascal Delalande	4f48927c44	doc: spelling mistakes in various sections of the user guide	7 years ago
Mats Klepsland	47a7ebbbc2	doc: add JA3 fields to the TLS logger documentation	7 years ago
Jason Ish	74e036d09f	doc: update eve/alert/metadata configuration	7 years ago
Martin Natano	fe9cac5870	eve/alert: include rule text in alert output For SIEM analysis it is often useful to refer to the actual rules to find out why a specific alert has been triggered when the signature message does not convey enough information. Turn on the new rule flag to include the rule text in eve alert output. The feature is turned off by default. With a rule like this: alert dns $HOME_NET any -> 8.8.8.8 any (msg:"Google DNS server contacted"; sid:42;) The eve alert output might look something like this (pretty-printed for readability): { "timestamp": "2017-08-14T12:35:05.830812+0200", "flow_id": 1919856770919772, "in_iface": "eth0", "event_type": "alert", "src_ip": "10.20.30.40", "src_port": 50968, "dest_ip": "8.8.8.8", "dest_port": 53, "proto": "UDP", "alert": { "action": "allowed", "gid": 1, "signature_id": 42, "rev": 0, "signature": "Google DNS server contacted", "category": "", "severity": 3, "rule": "alert dns $HOME_NET any -> 8.8.8.8 any (msg:\"Google DNS server contacted\"; sid:43;)" }, "app_proto": "dns", "flow": { "pkts_toserver": 1, "pkts_toclient": 0, "bytes_toserver": 81, "bytes_toclient": 0, "start": "2017-08-14T12:35:05.830812+0200" } } Feature #2020	7 years ago
Eric Leblond	72c8cd67d5	doc: documentation update on metadata	7 years ago
Jason Ish	ab939f4aaa	doc: breakout eve-log section to a partial file Both the suricata.yaml and eve configuration sections included the eve-log section from suricata.yaml. First, sync these up with the actual suricata.yaml then break it out into its own file, so only one file needs to be kept in sync with the actual configuration file.	7 years ago
Julian	f27b4fc8fe	redis: support for rpush in list mode This adds a new redis mode rpush. Also more consistent config keywords orientated at the redis command: lpush and publish. Keeping list and channel config keywords for backwards compatibility	8 years ago
Jason Ish	59d69666ea	doc: add more details to log rotation doc	8 years ago
Eric Leblond	b763c7ec11	doc: document http-body logging	8 years ago
Eric Leblond	9e581436a7	doc: info about new config for alert events in EVE	8 years ago
fooinha	36667ab8a1	doc: async mode for redis eve output async: true ## if redis replies are read asynchronously	8 years ago
Mats Klepsland	8b9f84bff2	doc: add documentation for date modifiers in eve-log	8 years ago
Mats Klepsland	37a12fe799	doc: add documentation for eve-log file rotation	8 years ago
Mats Klepsland	3b23387664	doc: add documentation for eve-log file permissions	8 years ago
Mats Klepsland	ee9f822b8e	doc: add documentation for tls_cert_serial keyword	8 years ago
Mats Klepsland	e91bb09c91	doc: add documentation for TLS eve-log	8 years ago
Mats Klepsland	6a382259f8	doc: documentation for custom JSON flags in eve-log	8 years ago
Victor Julien	4126fd82a0	doc: small eve update: add dns	9 years ago
Victor Julien	aaf0fe4d29	doc: eve update	9 years ago
Jason Ish	2751baae46	doc: rename from "sphinx" to "userguide"	9 years ago

33 Commits (8f009cf9b575f21153a9b6b8c6ecff3d6401afa1)