aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,529 Commits
7 Branches
161 Tags
206 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd11e8a8ee7'
${ noResults }
Commit Graph

155 Commits (d11e8a8ee7fb2cb2da0567de16bde344e1313f36)

Author SHA1 Message Date
Jeff Lucovsky 0ad6d4358f add to doc/pfring: Document additional cluster types 2 years ago
Jeff Lucovsky b1918168f9 doc/pfring: Document additional cluster types 
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.

Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple

Issue: 5975
 2 years ago
Juliana Fajardini d314b57e6b userguide/muti-tenant: fix typo 2 years ago
jason taylor 5abcd50142 doc: add tenant id value requirement 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Juliana Fajardini 31066c7c3b docs: clarify exception policy's supported values 
As flow.memcap-policy and defrag.memcap-policy do not support flow
actions, clarify that in the documentation. Also fix some typos, and
add missing values in some places where the exception policies were
explained.

Related to
Bug #5940
 2 years ago
Philippe Antoine b52293b609 dcerpc: config limit maximum number of live transactions 
As is done for other protocols

Ticket: #5779
 3 years ago
Juliana Fajardini 918bd7435c userguide/config: update log format symbols list 
There were some possible format options missing after the recent changes
in the log format.
 3 years ago
Juliana Fajardini 0d9289014b exceptions: add master switch config option 
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode

Exception Policies set up individually will overwrite this setup for the
given traffic exception.

Task #5219
 3 years ago
Philippe Antoine 55c4834e4e smb: configurable max number of transactions per flow 
Ticket: #5753
 3 years ago
Jason Ish 48f0fd3c74 doc/userguide: update logging section for time formats 
- Update fragment of configuration file to match suricata.yaml with
  new default-log-format.
- Document new %z format specifier.
 3 years ago
Juliana Fajardini 377885f420 exception-policies: fix typos 3 years ago
Philippe Antoine a003640ecf security: prevents process creation 
with setrlimit NPROC.

So that, if Suricata wants to execve or such to create a new process
the OS will forbid it so that RCE exploits are more painful to write.

Ticket: #5373
 3 years ago
Richard McConnell 7f4c1d5e2f doc/systemd: add documentation for sd_notify 3 years ago
Lukas Sismis a4a69c3e71 doc/dpdk: add IPS setup docs for DPDK mode 
Ticket: #5511
 3 years ago
Juliana Fajardini 7b0008d4f0 userguide: add section about exception policies 
This describes briefly what the exception policies are, what is the
engine's behavior, what options are available and to which parts are
they implemented.

Task #5475
Task #5515
 3 years ago
Juliana Fajardini 6f294f2f2d userguide: minor rewording and typo fixes 
Some of these were recently introduced, some were highlited after the
applayer sections got merged. Some paragraphs seem to have been changed
due to trying to respect character limits for lines. Also includes a
typo pointed out by one of our community members via Discord.
 3 years ago
Philippe Antoine af40873127 pgsql: config limit maximum number of live transactions 
As is done for other protocols

Ticket: #5527
 3 years ago
Eric Leblond 1b24f4d357 doc: document landlock feature 3 years ago
Philippe Antoine fe91506320 doc/http2: suricata.yaml max-streams parameter 
Ticket: #4949
 3 years ago
Juliana Fajardini bbd968c738 exceptions: add reject support to exception policy 
This enables the usage of 'reject' as an exception policy. As for both
IPS and IDS modes the intended result of sending a reject packet is to
reject the related flow, this will effectively mean setting the reject
action to the packet that triggered the exception condition, and then
dropping the associated flow.

Task #5503
 3 years ago
Juliana Fajardini ef54f36e34 userguide: briefly introduce exception policy opts 
Added them in the configuration section so folks can be more aware of
them, while a more complete documentation isn't around.

Related to
Task #5475
 3 years ago
Juliana Fajardini 3c74e443bd userguide: update defrag settings options 
We were still mentioning that there were only three options.
 3 years ago
Juliana Fajardini 0cc040cf61 userguide: merge sections about AppLayer Parsers 
We had two sections under the suricata.yaml configuration section
describing settings for application layer parsers. This merges them into
one and also fixes a few subsection title levels.

Task #5364
 3 years ago
Jufajardini Reichow f9c9091bb5 userguide: fix typo in inline mode illustration 
The image describing Suricata's sliding window had two of the "packets"
with the same text. Now they actually give the sense of a sliding
window.

This was found by Zhiyuan-liao.
 3 years ago
Andreas Dolp db73a12540 doc/tls: Add documentation for TLS logging 3 years ago
Andreas Dolp e4163c4e02 doc: Fix typos 3 years ago
Eric Leblond 6f06f7c22c doc: add info about capture_file key 3 years ago
Eric Leblond 0c7e4c13a1 doc: add conditional pcap logging info 3 years ago
Juliana Fajardini 1956dc3d5d userguide: explain alert queue behavior and stats 
Added sections along packet-alert-max config section explaining
packet alert queue overflow (when Suri reaches packet alert max), when
alerts are discarded etc.

Since from the user perspective it shouldn't matter how we process the
alert queue, the term "replace" is used, even though there's not exactly
a replacing action happening, with the queue bein pre-processed before
being appended to the Packet.

Also described the associated stats and added an explanation on when to
change packet-alert-max.

Task #5178
 3 years ago
Juliana Fajardini 49542d0f1b doc/userguide: explain packet-alert-max config 
Task #4207
 3 years ago
Jason Ish 7d6bc60abb doc/userguide: document ftp max-line-length 3 years ago
Victor Julien 976748b777 doc/smb: add resource limits section 3 years ago
Andreas Dolp d4144c04cd Doc: Fix typo in documentation of suricata.yaml. 3 years ago
Jeff Lucovsky 117e11b0ae doc: Describe per-thread stack size config setting 
Issue: 4550

This commit documents the new per-thread stack-size setting. Some
systems have a small default value that is not suitable for Suricata's
multi-threaded architecture and adjustment may be required.
 3 years ago
Philippe Antoine 8adf172ab8 nfs: limits the number of active transactions per flow 
Ticket: 4530
 3 years ago
Philippe Antoine 11d3af551b doc: suricata.yaml fields about maximum transactions 
For HTTP2, MQTT and FTP.
 4 years ago
Andreas Dolp f714484591 Doc: Fix typos in documentation of suricata.yaml. 4 years ago
Jason Ish 8071d8239e doc: update rule section to current default 
Update the rule section to better describe whats seen in a default
install of Suricata including a link to the rule management section.
 4 years ago
Jeff Lucovsky 93842aa14a doc/yaml: Signal-termination option description 4 years ago
Juliana Fajardini de0ce26e3f userguide: update references to Suricata website 
Many places were still referencing the old Suricata page.
Used git grep with replace to update them. Checked that new links work.
Left old references when they were only documentation examples (for
output or unittests).

Task#4915
 4 years ago
Juliana Fajardini 7b20488d4e userguide: fix low-hanging typos Config page 4 years ago
Lukas Sismis dab3274263 dpdk: add documentation for the DPDK runmode 
Briefly present the DPDK runmode through configuration file.
 4 years ago
Lukas Sismis e4b5239202 doc: fix typo in "Stream engine" documentation 4 years ago
Jason Ish 2cff811609 doc: remove prelude and document as removed 4 years ago
Philippe Antoine a04b5566a6 http: makes decompression time limit configurable 4 years ago
Justin Ossevoort 320de5f43d eve: Log tenant_id for all eve-json messages 5 years ago
Philippe Antoine 9b5c923327 http: disables lzma by default for HTTP 5 years ago
Jeff Lucovsky 06f41f608c doc: Improve grammar, spelling and clarifications 
This commit improves the overall documentation's grammar, spelling, and
adds clarifications  where needed.
 5 years ago
Sascha Steinbiss c31360070b rust/mqtt: add MQTT parser 5 years ago
Victor Julien e04d48c8c8 doc/userguide: fix outdated mpm info 5 years ago
Jeff Lucovsky ec07f58705 doc: update file-store stream depth description 5 years ago
Jeff Lucovsky b116a56a32 doc: Correct typos 5 years ago
Jeff Lucovsky 297f91479e doc: Fix spelling error 5 years ago
Jason Ish a77662bdbf userguide: remove old drop-log documentation 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2381
 5 years ago
Todd Mortimer 6b4d32c6bb doc: Update documentation for by_rule and by_both thresholds. 5 years ago
Victor Julien e97cdb48f3 decode/teredo: implement port support 
Implement support for limiting Teredo detection and decoding to specific
UDP ports, with 3544 as the default.

If no ports are specified, the old behaviour of detecting/decoding on any
port is still in place. This can also be forced by specifying 'any' as the
port setting.
 5 years ago
Jason Ish d3f6a95b56 doc: removed unified2 output 5 years ago
Philippe Antoine 6921608673 http: updates suricata.yaml comments 
As well as the userguide documentation about suricata.yaml
 6 years ago
Jason Ish 9111b9df57 doc: cleanup enging logging 
Attempt cleanup the engine logging a bit.

Also a include a verbatim excerpt of the default configuration
here for reference purposes.
 6 years ago
Jason Ish 212252faf2 doc/drop.log: mark as deprecated and scheduled to be removed 
Also make sure options are in sync with those in
suricata.yaml.
 6 years ago
Jason Ish 5345379d14 doc/unified2: add deprecation/removal notice 6 years ago
Victor Julien bd2f1e15fd doc/stats: minor clarrifications on 5.0 defaults 6 years ago
Victor Julien d5009c5d8c doc/stream: briefly explain bypass 6 years ago
Andreas Herz 30fd80b0ef doc: convert fancy quotes to straight quotes 6 years ago
Jason Ish 355d125c4f userguide: remove dns-log 6 years ago
Maurizio Abba 4697351188 smtp: create raw-extraction feature 
Add a raw-extraction option for smtp. When enabled, this feature will
store the raw e-mail inside a file, including headers, e-mail content,
attachments (base64 encoded). This content is stored in a normal File *,
allowing for normal file detection.
It'd also allow for all-emails extraction if a rule has
detect-filename:"rawmsg" matcher (and filestore).
Note that this feature is in contrast with decode-mime.

This feature is disabled by default, and will be disabled automatically
if decode-mime is enabled.
 7 years ago
Victor Julien b3c021f8d0 userguide: improve stats logging documentation 7 years ago
Pascal Delalande f2dca46382 doc: fix minor typo 7 years ago
Victor Julien 85f2486e0b multi-tenant: document per tenant settings 7 years ago
Victor Julien 7c884e0850 doc: update multi-tentant for device feature 7 years ago
Victor Julien 693a3df031 tls: document encrypt-handling option 
Document in sample yaml and user guide.
 7 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 7 years ago
Max Fillinger ce270a8f6a Add info about pcap log compression to user guide 7 years ago
Pascal Delalande e3c5784dd5 doc: minor updates (tls custom, TODO removal, ftp/smb file rules) 7 years ago
Victor Julien 78437375c4 doc: add by_either to suppress explanation 7 years ago
Victor Julien 2c259f2239 doc: add smb section to yaml 7 years ago
Victor Julien 13bdcd5249 doc: minor fix 7 years ago
Jason Ish ab939f4aaa doc: breakout eve-log section to a partial file 
Both the suricata.yaml and eve configuration sections
included the eve-log section from suricata.yaml. First,
sync these up with the actual suricata.yaml then break
it out into its own file, so only one file needs to
be kept in sync with the actual configuration file.
 8 years ago
Jason Ish 0e02684634 doc: update eve-log section for metadata 8 years ago
Jason Ish 5420c0ab06 doc: document file-store v2 8 years ago
Victor Julien 746638b220 cuda: remove 
Remove CUDA support as it has been broken for a long time.

Ticket #2382.
 8 years ago
Ruslan Usmanov 1090ee9d8d rate_filter by_both through IPPair storage 
Ticket https://redmine.openinfosecfoundation.org/issues/2127
 8 years ago
Andreas Herz c048ee6505 doc: reflect most recent cpu affinity settings 
Some settings like output-cpu-set never been used and detect got renamed
to worker. This reflects those changes already present in the yaml also
within the documentation.
 8 years ago
Julian f27b4fc8fe redis: support for rpush in list mode 
This adds a new redis mode rpush. Also more consistent config keywords orientated at the redis command: lpush and publish.
Keeping list and channel config keywords for backwards compatibility
 8 years ago
Jason Ish f715b0ae6b doc: add pid-file section to suricata.yaml doc 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
 8 years ago
Jason Ish 59d69666ea doc: add more details to log rotation doc 8 years ago
Jason Ish 92f15b7ffb doc: move log rotation to output section 8 years ago
Victor Julien 62b6f9fe25 decode: add config option to disable teredo 
Ticket #744.
 8 years ago
Eric Leblond a3f07ec02e doc: document drop-invalid option. 8 years ago
Victor Julien 79389558ac doc: update for stream changes 8 years ago
Ray Ruvinskiy 7539973109 tls: logging for session resumption 
We assume session resumption has occurred if the Client Hello message
included a session id, we have not seen the server certificate, but
we have seen a Change Cipher Spec message from the server.

Previously, these transactions were not logged at all because the
server cert was never seen.

Ticket: https://redmine.openinfosecfoundation.org/issues/1969
 8 years ago
fooinha 36667ab8a1 doc: async mode for redis eve output 
async: true ## if redis replies are read asynchronously
 8 years ago
Jason Ish 89ba5816dc doc: update unified2 section 
Remove documentation on older unified formats that have
been removed.
 9 years ago
Victor Julien 3012edae1c luajit: update default yaml and doc for 'states' 9 years ago
Victor Julien 1aa70fb39e doc: add rate_filter 9 years ago
Victor Julien c6134e007e doc: app-layer tls including no-reassemble 9 years ago
Victor Julien 48274218df doc: multi-tenancy is not work in progress 9 years ago
Victor Julien f64decf5e2 doc: clean up log rotation 9 years ago
Victor Julien 729fd2e406 doc: update libcap-ng doc 9 years ago
Victor Julien aaf0fe4d29 doc: eve update 9 years ago