Philippe Antoine
ab9b6e30b1
detect: adds flow integer keywords
...
Ticket: #6164
flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
2 years ago
Kirjan Kohuladas
c8a7204b15
doc/rule-profiling: fix suricatasc typo
2 years ago
Juliana Fajardini
54d8f45afc
userguide: add proper label to RPM install section
...
Use a reference label that is stable, instead of one that could change
in case a new section is added above it.
2 years ago
Daniel Olatunji
0e5fdbb8fb
doc: be consistent with the use of "sudo"
...
Issue: #5720
2 years ago
Comfort Amaechi
cf8b630ed2
userguide: cover install-full and install-conf
...
Ticket: #6342
2 years ago
jason taylor
535938d7f6
doc: add tls.cert_chain_len docs
...
Ticket: #6386
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Juliana Fajardini
1a132f454a
docs: adjust readthedocs config to new options
...
Our documentation was failing to build, seems connected to the new way
of indicating build options (cf
https://readthedocs.org/projects/suricata/builds/22112658/ ,
https://docs.readthedocs.io/en/stable/config-file/v2.html#build ,
and https://docs.readthedocs.io/en/stable/config-file/v2.html#build-os ).
Added the build.os required new field, and adjusted the way python
version is passed.
For the new configuration style for read the docs, one of the ways to
pass extra configuration for python is having a requirements file.
2 years ago
Juliana Fajardini
ffed5eb3d3
doc/quickstart: add software-properties instruction
...
This is indicated in the `Installation` section, but not in the
quickstart, and it felt like a valid addition, here, too.
2 years ago
Juliana Fajardini
4ab4f711de
doc/install: link to devguide's install from git
...
Although we have an updated version of instructions for installation
from git, our install guide was only referring to RedMine, which is less
up-to-date.
Kept that reference, since it might still be useful for non-Ubuntu
cases.
2 years ago
Shivani Bhardwaj
0a4011655f
doc/code-submission: add commit sign guide
2 years ago
Travis Green
96a0e7016f
doc: add tcp flags documentation
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish
2b57179d65
readthedocs: pin theme to sphinx_rtd_theme
...
ReadTheDocs changed the default theme.
2 years ago
Jason Ish
ae3b1a9e36
configure: more idiomatic autoconf for sphinx-build checks
...
- Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're
actually using the path of the program.
- Wrap some elements in [] as is done in modern idiomatic autoconf
2 years ago
Victor Julien
c0201d3212
doc/userguide: add reload-tenant(s) doc
2 years ago
Victor Julien
6ba0956a75
multi-tenant: allow reload w/o yaml path
...
Store yaml path in de ctx, for reloads w/o path.
This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
2 years ago
Victor Julien
c87803ea0e
detect: add multi-detect.config-path
...
Add option to specify path from which to load the tenants.
Mostly meant to be used in testing.
2 years ago
jason taylor
be324d7856
doc: update file.magic information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
008cc78a03
doc: update fileext keyword information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
e99b1787a2
doc: update file.name keyword information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Alexandre Iooss
c80941dd8d
doc/userguide: improve SCStreamingBuffer example
...
Add direction indication in SCStreamingBuffer usage example.
This adds documentation for the changes introduced by commit 5b1d8c7e94.
2 years ago
Juliana Fajardini
5cef8fdfdf
userguide/ppa: fix typo
...
The launchpad repo for suricata-beta read 'oisd' instead of 'oisf'
2 years ago
Juliana Fajardini
4fd3205bf0
userguide/install: add info on ubuntu ppa installs
...
Bringing info that was only in our Redmine wiki to our documentation.
Task #6231
2 years ago
Juliana Fajardini
765b05f139
docs: miscellanea updates
...
- Fix a DPDK reference link, add some line breaks.
- Exemplify what a good commit message looks
like, for Suricata's commit style.
2 years ago
Jason Ish
3e2a62915b
doc/userguide: display version on front page
...
When viewing the docs online at Readthedocs, or similar it might be
immediately apparent what version of the documentation is being
displayed. Display the version on the first line before the table of
contents to make it clear.
2 years ago
Andreas Herz
26130d903f
doc: add note about cpu prio overwrite behavior
2 years ago
Andreas Herz
da68692547
doc: dataset - add type to be mandatory
2 years ago
Juliana Fajardini
f16d428fd1
userguide/upgrade: link to exception policy FAQ
...
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
2 years ago
Juliana Fajardini
24745b3a73
doc/userguide: update ref to installation from git
...
It was still pointing to the redmine wiki and the documentation to be
truthful to the new documentation.
2 years ago
Jason Ish
500a7abf57
doc/support-status: add support status page
...
Convert the wiki page,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status
into a page that is versioned along with the user guide.
Includes many updates to reflect our current support status.
2 years ago
Jason Ish
ad94ebddb7
doc/userguide: avoid horizontal scroll on rtd
...
Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will
wrap the text instead.
Also, vertically align to top so if a cell does wrap, other cells that
do not wrap don't place the text in the middle of the cell.
2 years ago
Juliana Fajardini
9900bdc162
userguide/eve: format and reorganize alert section
...
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
2 years ago
Juliana Fajardini
0437173848
output/drop: add verdict field
...
Related to Bug #5464
2 years ago
Andreas Herz
24bcaf07ae
doc/upgrade: add more 6 to 7 changes and minor improvements
...
Issue: #5473
2 years ago
jason taylor
62170d2fb9
doc: hyperscan information updated
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
c95fce39f0
doc: add multi buffer support note to keyword docs
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
88960e909d
doc: add multiple buffer matching documentation
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish
0b5dc58e15
doc/userguide: more eve http upgrade notes
...
Add more information with examples of how the changes to EVE HTTP
logging may affect users.
2 years ago
jason taylor
19a0b2b0d2
userguide: add details about tcp flow pass
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jeff Lucovsky
47e268d609
detect/byte_math: Document bytes variable name
...
Issue: 6145
Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky
3a4554fc2b
detect/byte-jump: Document var usage for nbytes
...
Issue: 6105
2 years ago
Jeff Lucovsky
73b943276e
doc/byte_test: Document byte_test variable usage
...
Issue: 6144
This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Lukas Sismis
5a3ecbde62
doc: update install instructions
...
Ticket: #5987
2 years ago
Shivani Bhardwaj
b6f8f5eb3b
doc/http: use "sticky buffer" where applicable
2 years ago
Jeff Lucovsky
ac8f91f44f
config: Document cluster_rollover deprecation
...
Issue: 6128
cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
2 years ago
Jeff Lucovsky
29621c7f0d
doc/afpacket: Document rollover deprecation
2 years ago
Juliana Fajardini
e306bc6ecc
exception: fix use of master switch with default
...
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.
Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies is to
be set via the master switch, when since this can change for specific
exception policies - like for midstream, for instance.
Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.
Bug #6169
2 years ago
Shivani Bhardwaj
18947c01e0
suricatasc: update running instructions
2 years ago
Jeff Lucovsky
d822ba58e1
doc/multi-tenant: Clarify live traffic support
...
Issue: 5930
This commit clarifies the live traffic support for multi-tenancy.
2 years ago
Shivani Bhardwaj
aeb408dd9d
doc: fix typo encryption-handling
2 years ago
Jason Ish
90bb73046c
userguide/security: grammar fixes
...
Apply grammar fixes brought up in GitHub review comments by Juliana.
2 years ago
liaozhiyuan
a748164d58
dpdk: support multiple same EAL arguments
...
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.
Ticket: #5964
2 years ago
Jason Ish
5f598931ac
doc/userguide: start on a security chapter
...
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
2 years ago
Jason Ish
14daa42e0b
doc/userguide: dataset upgrade notes
2 years ago
Jason Ish
4a97461f9a
doc/userguide: notes about Lua rules being disabled by default
2 years ago
Juliana Fajardini
c0db25d055
userguide: update exception policy behaviors table
...
Some exception policies can only be applied to the triggering packet or
only make sense considering the whole flow. Highlight such cases in the
table showing each exception policy.
Related to Bug #5825
2 years ago
Juliana Fajardini
0c2922f02e
doc: add midstream scenarios for exception policy
...
The different interactions between midstream pick-up sessions and the
exception policy can be quite difficult to visualize. Add a section for
that in the userguide.
Related to Bug #5825
2 years ago
Philippe Antoine
415b036dca
http1: implement http.request_header
...
So that it is generic for HTTP1 and HTTP2
Ticket: #5780
2 years ago
Philippe Antoine
7256ec8a6e
detect/http2: do not escape ':' in header name or value
...
for keywords http.request_header and http.response_header
Ticket: #5780
2 years ago
Philippe Antoine
656554f293
http2: rename http2.header to http.request_header
...
Or http.response_header based on the direction
http2.header had a different behavior than http.header and this was
confusing.
Ticket: #5780
2 years ago
Philippe Antoine
e30f4943ae
doc: GitHub PRs workflow
2 years ago
Jeremy MountainJohnson
435d74d744
userguide/install: add info on arch-based installs
...
Add Arch AUR information for installation on Arch-based distros.
2 years ago
Philippe Antoine
5c419b79b7
doc: upgrade guide for logging http custom headers
...
Ticket: #5320
2 years ago
Juliana Fajardini
f83c67bbb5
doc: add missing rule to engine-analysis section
...
The first report didn't have an example rule to go with.
2 years ago
Lukas Sismis
11c3aa868d
doc: add DPDK Bond PMD docs
...
Ticket: #6099
2 years ago
Philippe Antoine
9287cbc33a
http: logs custom headers in a subobject
...
This subobject is request_headers or response_headers
This especially avoids json keys collisions.
Ticket: #5320
Also fixes typo referrer/referer
2 years ago
Jason Ish
5af73b3879
doc/userguide: document include files
...
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
2 years ago
Jason Ish
a71dee5516
doc/userguide: merge logging changes in 7.0 upgrade notes
...
Two "Logging changes" sections existed, merge.
2 years ago
Jason Ish
f8620d0ed2
docs: update url to docs.suricata.io
2 years ago
Victor Julien
3de687f30c
profiling/rules: doc updates
2 years ago
Eric Leblond
694bff11ac
doc: add rule profiling information
2 years ago
Jason Ish
b0c329da04
doc/userguide: provide more RPM doc
...
- Address the various RPM distributions
- User info
- Systemd info
Related issue: #5884
2 years ago
Eloy Pérez González
b3c7130749
krb5: update krb5_msg_type keyword docs
2 years ago
Lukas Sismis
1c3cb1e8cc
docs: refactor DPDK docs and add performance tuning section
...
Ticket: #5857
Ticket: #5858
2 years ago
Lukas Sismis
03319263db
docs: wrap DPDK doc section at 80 chars
2 years ago
Lukas Sismis
d0bf3ba638
dpdk: add configure option
...
Ticket: #5859
2 years ago
Victor Julien
0903536fd6
doc: spelling
...
Thanks to Josh Soref.
2 years ago
Philippe Antoine
9bd2b72e2b
doc: explain where tls.store stores certificates
...
By adding a reference/link to the doc about the suricata.yaml
config section specifying the directory where the certificates
are stored
2 years ago
Victor Julien
c0d9b3c078
doc/userguide: spelling
2 years ago
Wes Hurd
aee41957e1
doc: add docutils.conf to disable smart quotes
2 years ago
Andreas Herz
3045e75ee1
doc: add note on the hashsize recommendation for datasets
2 years ago
Victor Julien
a006aef4d0
doc: fix description of iptables rules
2 years ago
Bazzan Don
38b3fffbc7
doc/optimization: move "convert.py" to Python3
...
Ticket: #5596
2 years ago
Morris Chan
b9aac6dd18
yaml: grammar fixup
2 years ago
Juliana Fajardini
ae2a477978
devguide: clarify clang formatting changes policy
...
It was pointed out by a contributor that our workflow mentioned
rewrite-branch as the preferred way, while in fact our policy is to add
said changes to a different commit. Updating documentation to prevent
other situations like that.
2 years ago
Rafael Girão
6ec3bc189a
docs: remove obsolete af-packet warning
2 years ago
John Dewey
365bec3da6
netmap: Correct LB + Netmap YAML usage
...
Corrected the example YAML configuration when using Netmap and
LB.
2 years ago
Jeff Lucovsky
0ad6d4358f
add to doc/pfring: Document additional cluster types
2 years ago
Jeff Lucovsky
b1918168f9
doc/pfring: Document additional cluster types
...
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.
Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple
Issue: 5975
2 years ago
Philippe Antoine
59734d16a1
detect: use http.connection to client
...
Ticket: #5746
2 years ago
Philippe Antoine
6bc7f02e13
doc: rules can have http1 as protocol
...
Ticket: #5962
2 years ago
Jeff Lucovsky
fd46c93a8f
doc/byte_math: Add divide by 0 discussion.
...
Issue: 5945
2 years ago
Juliana Fajardini
d314b57e6b
userguide/multi-tenant: fix typo
2 years ago
jason taylor
5abcd50142
doc: add tenant id value requirement
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Juliana Fajardini
31066c7c3b
docs: clarify exception policy's supported values
...
As flow.memcap-policy and defrag.memcap-policy do not support flow
actions, clarify that in the documentation. Also fix some typos, and
add missing values in some places where the exception policies were
explained.
Related to Bug #5940
2 years ago
Jeff Lucovsky
35bbdf4124
doc/content: Add limits for distance/within
...
Ticket: 5740
2 years ago
Philippe Antoine
8f9cd8ff1a
doc: security.limit-noproc upgrade note
...
Ticket: #5621
2 years ago
Shivani Bhardwaj
0f3e7761da
doc: add dataset examples
2 years ago
Lancer Cheng
6142593a69
doc: add version field in NTLMSSP documentation
...
Bug OISF#5783
2 years ago
Haleema Khan
609df1776e
userguide: update tls keywords information
...
Ticket #5544
2 years ago
jason taylor
8e5b1fe8e6
userguide: add DHCP EVE log information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago