Juliana Fajardini
ffed5eb3d3
doc/quickstart: add software-properties instruction
...
This is indicated in the `Installation` section, but not in the
quickstart, and it felt like a valid addition, here, too.
2 years ago
Juliana Fajardini
4ab4f711de
doc/install: link to devguide's install from git
...
Although we have an updated version of instructions for installation
from git, our install guide was only referring to RedMine, which is less
up-to-date.
Kept that reference, since it might still be useful for non-Ubuntu
cases.
2 years ago
Shivani Bhardwaj
0a4011655f
doc/code-submission: add commit sign guide
2 years ago
Travis Green
96a0e7016f
doc: add tcp flags documentation
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish
2b57179d65
readthedocs: pin theme to sphinx_rtd_theme
...
ReadTheDocs changed the default theme.
2 years ago
Jason Ish
ae3b1a9e36
configure: more idiomatic autoconf for sphinx-build checks
...
- Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're
actually using the path of the program.
- Wrap some elements in [] as is done in modern idiomatic autoconf
2 years ago
Victor Julien
c0201d3212
doc/userguide: add reload-tenant(s) doc
2 years ago
Victor Julien
6ba0956a75
multi-tenant: allow reload w/o yaml path
...
Store yaml path in de ctx, for reloads w/o path.
This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
2 years ago
Victor Julien
c87803ea0e
detect: add multi-detect.config-path
...
Add option to specify path from which to load the tenants.
Mostly meant to be used in testing.
2 years ago
jason taylor
be324d7856
doc: update file.magic information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
008cc78a03
doc: update fileext keyword information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
e99b1787a2
doc: update file.name keyword information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Alexandre Iooss
c80941dd8d
doc/userguide: improve SCStreamingBuffer example
...
Add direction indication in SCStreamingBuffer usage example.
This adds documentation for the changes introduced by commit
5b1d8c7e94
.
2 years ago
Juliana Fajardini
5cef8fdfdf
userguide/ppa: fix typo
...
The launchpad repo for suricata-beta read 'oisd' instead of 'oisf'
2 years ago
Juliana Fajardini
4fd3205bf0
userguide/install: add info on ubuntu ppa installs
...
Bringing info that was only in our Redmine wiki to our documentation.
Task #6231
2 years ago
Juliana Fajardini
765b05f139
docs: miscellanea updates
...
- Fix a DPDK reference link, add some line breaks.
- Exemplify what a good commit message looks
like, for Suricata's commit style.
2 years ago
Jason Ish
3e2a62915b
doc/userguide: display version on front page
...
When viewing the docs online at Readthedocs, or similar it might be
immediately apparent what version of the documentation is being
displayed. Display the version on the first line before the table of
contents to make it clear.
2 years ago
Andreas Herz
26130d903f
doc: add note about cpu prio overwrite behavior
2 years ago
Andreas Herz
da68692547
doc: dataset - add type to be mandatory
2 years ago
Juliana Fajardini
f16d428fd1
userguide/upgrade: link to exception policy FAQ
...
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
2 years ago
Juliana Fajardini
24745b3a73
doc/userguide: update ref to installation from git
...
It was still pointing to the redmine wiki and the documentation to be
truthful to the new documentation.
2 years ago
Jason Ish
500a7abf57
doc/support-status: add support status page
...
Convert the wiki page,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status
into a page that is versioned along with the user guide.
Includes many updates to reflect our current support status.
2 years ago
Jason Ish
ad94ebddb7
doc/userguide: avoid horizontal scroll on rtd
...
Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will
wrap the text instead.
Also, vertically align to top so if a cell does wrap, other cells that
do not wrap don't place the text in the middle of the cell.
2 years ago
Juliana Fajardini
9900bdc162
userguide/eve: format and reorganize alert section
...
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
2 years ago
Juliana Fajardini
0437173848
output/drop: add verdict field
...
Related to
Bug #5464
2 years ago
Andreas Herz
24bcaf07ae
doc/upgrade: add more 6 to 7 changes and minor improvements
...
Issue: #5473
2 years ago
jason taylor
62170d2fb9
doc: hyperscan information updated
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
c95fce39f0
doc: add multi buffer support note to keyword docs
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor
88960e909d
doc: add multiple buffer matching documentation
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish
0b5dc58e15
doc/userguide: more eve http upgrade notes
...
Add more information with a examples of how the changes to EVE HTTP
logging may affect users.
2 years ago
jason taylor
19a0b2b0d2
userguide: add details about tcp flow pass
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jeff Lucovsky
47e268d609
detect/byte_math: Document bytes variable name
...
Issue: 6145
Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky
3a4554fc2b
detect/byte-jump: Document var usage for nbytes
...
Issue: 6105
2 years ago
Jeff Lucovsky
73b943276e
doc/byte_test: Document byte_test variable usage
...
Issue: 6144
This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Lukas Sismis
5a3ecbde62
doc: update install instructions
...
Ticket: #5987
2 years ago
Shivani Bhardwaj
b6f8f5eb3b
doc/http: use "sticky buffer" where applicable
2 years ago
Jeff Lucovsky
ac8f91f44f
config: Document cluster_rollover deprecation
...
Issue: 6128
cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
2 years ago
Jeff Lucovsky
29621c7f0d
doc/afpacket: Document rollover deprecation
2 years ago
Juliana Fajardini
e306bc6ecc
exception: fix use of master switch with default
...
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.
Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies is to
be set via the master switch, when since this can change for specific
exception policies - like for midstream, for instance.
Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.
Bug #6169
2 years ago
Shivani Bhardwaj
18947c01e0
suricatasc: update running instructions
2 years ago
Jeff Lucovsky
d822ba58e1
doc/multi-tenant: Clarify live traffic support
...
Issue: 5930
This commit clarifies the live traffic support for multi-tenancy.
2 years ago
Shivani Bhardwaj
aeb408dd9d
doc: fix typo encryption-handling
2 years ago
Jason Ish
90bb73046c
userguide/security: grammar fixes
...
Apply grammer fixes brought up in GitHub review comments by Juliana.
2 years ago
liaozhiyuan
a748164d58
dpdk: support multiple same EAL arguments
...
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.
Ticket: #5964
2 years ago
Jason Ish
5f598931ac
doc/userguide: start on a security chapter
...
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
2 years ago
Jason Ish
14daa42e0b
doc/userguide: dataset upgrade notes
2 years ago
Jason Ish
4a97461f9a
doc/userguide: notes about Lua rules being disabled by default
2 years ago
Juliana Fajardini
c0db25d055
userguide: update exception policy behaviors table
...
Some exception policies can only be applied to the triggering packet or
only make sense considering the whole flow. Highlight such cases in the
table showing each exception policy.
Related to
Bug #5825
2 years ago
Juliana Fajardini
0c2922f02e
doc: add midstream scenarios for exception policy
...
The different interactions between midstream pick-up sessions and the
exception policy can be quite difficult to visualize. Add a section for
that in the userguide.
Related to
Bug #5825
2 years ago
Philippe Antoine
415b036dca
http1: implement http.request_header
...
So that it is generic for HTTP1 and HTTP2
Ticket: #5780
2 years ago
Philippe Antoine
7256ec8a6e
detect/http2: do not escape ':' in header name or value
...
for keywords http.request_header and http.response_header
Ticket: #5780
2 years ago
Philippe Antoine
656554f293
http2: rename http2.header to http.request_header
...
Or http.response_header based on the direction
http2.header had a different behavior than http.header and this was
confusing.
Ticket: #5780
2 years ago
Philippe Antoine
e30f4943ae
doc: GitHub PRs workflow
2 years ago
Jeremy MountainJohnson
435d74d744
userguide/install: add info on arch-based installs
...
Add Arch AUR information for installation on Arch-based distros.
2 years ago
Philippe Antoine
5c419b79b7
doc: upgrade guide for logging http custom headers
...
Ticket: #5320
2 years ago
Juliana Fajardini
f83c67bbb5
doc: add missing rule to engine-analysis section
...
The first report didn't have an example rule to go with.
2 years ago
Lukas Sismis
11c3aa868d
doc: add DPDK Bond PMD docs
...
Ticket: #6099
2 years ago
Philippe Antoine
9287cbc33a
http: logs custom headers in a subobject
...
This subobject is request_headers or response_headers
This especially avoids json keys collisions.
Ticket: #5320
Also fixes typo referrer/referer
2 years ago
Jason Ish
5af73b3879
doc/userguide: document include files
...
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
2 years ago
Jason Ish
a71dee5516
doc/userguide: merge logging changes in 7.0 upgrade notes
...
Two "Logging changes" sections existed, merge.
2 years ago
Jason Ish
f8620d0ed2
docs: update url to docs.suricata.io
2 years ago
Victor Julien
3de687f30c
profiling/rules: doc updates
2 years ago
Eric Leblond
694bff11ac
doc: add rule profiling information
2 years ago
Jason Ish
b0c329da04
doc/userguide: provide more RPM doc
...
- Address the various RPM distributions
- User info
- Systemd info
Related issue: #5884
2 years ago
Eloy Pérez González
b3c7130749
krb5: update krb5_msg_type keyword docs
2 years ago
Lukas Sismis
1c3cb1e8cc
docs: refactor DPDK docs and add performance tuning section
...
Ticket: #5857
Ticket: #5858
2 years ago
Lukas Sismis
03319263db
docs: wrap DPDK doc section at 80 chars
2 years ago
Lukas Sismis
d0bf3ba638
dpdk: add configure option
...
Ticket: #5859
2 years ago
Victor Julien
0903536fd6
doc: spelling
...
Thanks to Josh Soref.
2 years ago
Philippe Antoine
9bd2b72e2b
doc: explain where tls.store stores certificates
...
By adding a reference/link to the doc about the suricata.yaml
config section pecifying the directory where the certificates
are stored
2 years ago
Victor Julien
c0d9b3c078
doc/userguide: spelling
2 years ago
Wes Hurd
aee41957e1
doc: add docutils.conf to disable smart quotes
2 years ago
Andreas Herz
3045e75ee1
doc: add note on the hashsize recommendation for datasets
2 years ago
Victor Julien
a006aef4d0
doc: fix description of iptables rules
2 years ago
Bazzan Don
38b3fffbc7
doc/optimization: move "convert.py" to Python3
...
Ticket: #5596
2 years ago
Morris Chan
b9aac6dd18
yaml: grammar fixup
2 years ago
Juliana Fajardini
ae2a477978
devguide: clarify clang formatting changes policy
...
It was pointed out by a contributor that our workflow mentioned
rewrite-branch as the preferred way, while in fact our policy is to add
said changes to a different commit. Updating documentation to prevent
other situations like that.
2 years ago
Rafael Girão
6ec3bc189a
docs: remove obsolete af-packet warning
2 years ago
John Dewey
365bec3da6
netmap: Correct LB + Netmap YAML usage
...
Corrected the example YAML configuration when using Netmap and
LB.
2 years ago
Jeff Lucovsky
0ad6d4358f
add to doc/pfring: Document additional cluster types
2 years ago
Jeff Lucovsky
b1918168f9
doc/pfring: Document additional cluster types
...
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.
Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple
Issue: 5975
2 years ago
Philippe Antoine
59734d16a1
detect: use http.connection to client
...
Ticket: #5746
2 years ago
Philippe Antoine
6bc7f02e13
doc: rules can have http1 as protocol
...
Ticket: #5962
2 years ago
Jeff Lucovsky
fd46c93a8f
doc/byte_math: Add divide by 0 discussion.
...
Issue: 5945
2 years ago
Juliana Fajardini
d314b57e6b
userguide/muti-tenant: fix typo
2 years ago
jason taylor
5abcd50142
doc: add tenant id value requirement
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Juliana Fajardini
31066c7c3b
docs: clarify exception policy's supported values
...
As flow.memcap-policy and defrag.memcap-policy do not support flow
actions, clarify that in the documentation. Also fix some typos, and
add missing values in some places where the exception policies were
explained.
Related to
Bug #5940
2 years ago
Jeff Lucovsky
35bbdf4124
doc/content: Add limits for distance/within
...
Ticket: 5740
2 years ago
Philippe Antoine
8f9cd8ff1a
doc: security.limit-noproc upgrade note
...
Ticket: #5621
2 years ago
Shivani Bhardwaj
0f3e7761da
doc: add dataset examples
2 years ago
Lancer Cheng
6142593a69
doc: add version filed in NTLMSSP documentation
...
Bug OISF#5783
2 years ago
Haleema Khan
609df1776e
userguide: update tls keywords information
...
Ticket #5544
2 years ago
jason taylor
8e5b1fe8e6
userguide: add DHCP EVE log information
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Victor Julien
f4fa51986e
doc: warn IPS users on new exception policy default
3 years ago
Philippe Antoine
e3105a6614
ftp: adds a config option ftp-hash for autofp-scheduler
...
This allows ftp-data and ftp flows to be processed by the same
thread. Otherwise, there may be a concurrency issue where the
would-be ftp-data flow is first processed, and thus not recognized
as such. And the ftp flow gets processed later and the expectation
coming from it is never found.
To do so, the flow hash gets used as usual, except for flows that
may be either ftp or ftp-data, that is either one port is 21, or
both ports are high ones.
Ticket: #5205
3 years ago
Jason Ish
1b844cd7f7
doc/userguide: document --include command line option
3 years ago
Philippe Antoine
b52293b609
dcerpc: config limit maximum number of live transactions
...
As is done for other protocols
Ticket: #5779
3 years ago
Juliana Fajardini
918bd7435c
userguide/config: update log format symbols list
...
There were some possible format options missing after the recent changes
in the log format.
3 years ago
Juliana Fajardini
0d9289014b
exceptions: add master switch config option
...
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode
Exception Policies set up individually will overwrite this setup for the
given traffic exception.
Task #5219
3 years ago
jason taylor
0632233791
userguide: update http.cookie description
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago