From 347e3b49726e0ad6e32c96f9779438855dc4900c Mon Sep 17 00:00:00 2001 From: Andreas Herz Date: Tue, 5 Jan 2016 20:47:50 +0100 Subject: [PATCH] doc: fixed remaining FIXME --- doc/sphinx/configuration/suricata-yaml.rst | 10 +++++----- doc/sphinx/output/.custom-http-logging.rst.swp | Bin 12288 -> 0 bytes doc/sphinx/output/.index.rst.swp | Bin 12288 -> 0 bytes doc/sphinx/output/.mongodb.rst.swp | Bin 16384 -> 0 bytes doc/sphinx/output/.syslog-alerting-comp.rst.swp | Bin 12288 -> 0 bytes doc/sphinx/output/eve/eve-json-format.rst | 2 ++ doc/sphinx/output/eve/eve-json-output.rst | 2 ++ .../.files-json-log-output.rst.swp | Bin 12288 -> 0 bytes ...logstash-kibana-and-suricata-json-output.rst | 2 +- doc/sphinx/rules/payload-keywords.rst | 4 +--- doc/sphinx/rules/pcre.rst | 4 ---- 11 files changed, 11 insertions(+), 13 deletions(-) delete mode 100644 doc/sphinx/output/.custom-http-logging.rst.swp delete mode 100644 doc/sphinx/output/.index.rst.swp delete mode 100644 doc/sphinx/output/.mongodb.rst.swp delete mode 100644 doc/sphinx/output/.syslog-alerting-comp.rst.swp delete mode 100644 doc/sphinx/output/files-json-log-output/.files-json-log-output.rst.swp diff --git a/doc/sphinx/configuration/suricata-yaml.rst b/doc/sphinx/configuration/suricata-yaml.rst index 6a2867fe28..f318e1c5ed 100644 --- a/doc/sphinx/configuration/suricata-yaml.rst +++ b/doc/sphinx/configuration/suricata-yaml.rst @@ -276,9 +276,9 @@ integration with tools like logstash. #- drop - ssh -For more advanced configuration options, see [[**FIXME** EveJSONOutput]]. -.. FIXME jsonformat ref -The format is documented in :ref:`Eve JSON Format ` +For more advanced configuration options, see :ref:`Eve JSON Output `. + +The format is documented in :ref:`Eve JSON Format `. Log output for use with Barnyard (unified.log) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -350,7 +350,7 @@ This log keeps track of all HTTP-traffic events. It contains the HTTP request, hostname, URI and the User-Agent. This information will be stored in the http.log (default name, in the suricata log directory). This logging can also be performed through the use of the -[[**FIXME** EveJSONFormat|Eve-log capability]]. +:ref:`Eve-log capability `. Example of a HTTP-log line with non-extended logging: @@ -384,7 +384,7 @@ This log keeps track of all DNS events (queries and replies). It contains the type of DNS activity that has been performed, the requested / replied domain name and relevant data suck as client, server, ttl, resource record data. This logging can also be performed -through the use of the [[EveJSONFormat|Eve-log capability]] which +through the use of the :ref:`Eve-log capability ` which offers easier parsing. Example of the apperance of a DNS log of a query with a preceding reply: 
diff --git a/doc/sphinx/output/.custom-http-logging.rst.swp b/doc/sphinx/output/.custom-http-logging.rst.swp deleted file mode 100644 index 8f40092872278afb4d7fa267bba193d607c7a372..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288
diff --git a/doc/sphinx/output/.index.rst.swp b/doc/sphinx/output/.index.rst.swp deleted file mode 100644 index cfd31020081d4caf33d3442d3e210222119ebdb8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288
diff --git a/doc/sphinx/output/.mongodb.rst.swp b/doc/sphinx/output/.mongodb.rst.swp deleted file mode 100644 index e07477ba338a00305b275652c1c539017f66a284..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384
diff --git a/doc/sphinx/output/.syslog-alerting-comp.rst.swp b/doc/sphinx/output/.syslog-alerting-comp.rst.swp deleted file mode 100644 index 24ad1a76e335428e22c0bdf8674420fac7e0e2ae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 diff --git a/doc/sphinx/output/eve/eve-json-format.rst b/doc/sphinx/output/eve/eve-json-format.rst index a3d68ef67f..61a4f33433 100644 --- a/doc/sphinx/output/eve/eve-json-format.rst
+++ b/doc/sphinx/output/eve/eve-json-format.rst @@ -1,3 +1,5 @@ +.. _eve-json-format: + Eve JSON Format =============== diff --git a/doc/sphinx/output/eve/eve-json-output.rst b/doc/sphinx/output/eve/eve-json-output.rst index 2606f6c929..8d42930d86 100644 --- a/doc/sphinx/output/eve/eve-json-output.rst +++ b/doc/sphinx/output/eve/eve-json-output.rst @@ -1,3 +1,5 @@ +.. _eve-json-output: + Eve JSON Output =============== diff --git a/doc/sphinx/output/files-json-log-output/.files-json-log-output.rst.swp b/doc/sphinx/output/files-json-log-output/.files-json-log-output.rst.swp deleted file mode 100644 index b00f05e585001fc0774948dc0065008081b07522..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288
diff --git a/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst b/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst index 10e5d87f25..adbb73aa66 100644 --- a/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst +++ b/doc/sphinx/output/files-json-log-output/logstash-kibana-and-suricata-json-output.rst @@ -41,7 +41,7 @@ Make sure your Suricata is compiled/installed with libjansson support enabled: CUDA enabled: no ... -If it isn't check out the [[**FIXME** Suricata_installation]] page to install or compile Suricata for your distribution. +If it isn't check out the `Suricata Installation `_ page to install or compile Suricata for your distribution. **NOTE:** you will need these packages installed -> **libjansson4** and *libjansson-dev* before compilation. Configure suricata diff --git a/doc/sphinx/rules/payload-keywords.rst b/doc/sphinx/rules/payload-keywords.rst index b5f400ac45..6104c5ba79 100644 --- a/doc/sphinx/rules/payload-keywords.rst +++ b/doc/sphinx/rules/payload-keywords.rst @@ -228,9 +228,7 @@ The first example illustrates a signature which searches for byte 512 of the payload. The second example illustrates a signature searching for byte 50 after the last match. -You can also use the negation (!) before isdataat. Suricata does not -support using it yet, but will support it in future versions of the -engine. For more information see **fixme: what is this supposed to link to**. +You can also use the negation (!) before isdataat. .. image:: payload-keywords/isdataat1.png diff --git a/doc/sphinx/rules/pcre.rst b/doc/sphinx/rules/pcre.rst index 9af5484214..784b56681c 100644 --- a/doc/sphinx/rules/pcre.rst +++ b/doc/sphinx/rules/pcre.rst 
@@ -79,10 +79,6 @@ Suricata has its own specific pcre modifiers. These are: relative to the previous match so both matches have to be in the HTTP-raw-uri buffer. Read more about :doc:`http-uri-normalization`. -** FIXME - image is missing on wiki: .. image:: pcre/pcre7.png - -** FIXME - image is missing on wiki: .. image:: pcre/pcre8.png - * ``P``: Makes pcre match on the HTTP- request-body. So, it matches on the same buffer as http_client_body. P can be combined with /R. Note that R is relative to the previous match so both matches have to be
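
Review bot: In the `@@ -384,7 +384,7 @@` hunk of `doc/sphinx/configuration/suricata-yaml.rst`, the context lines around the changed link still read "relevant data suck as client" and "Example of the apperance of a DNS log"; correct "suck" to "such" and "apperance" to "appearance" while this paragraph is being edited. The three hunks in this file introduce four `:ref:` links that appear to rely on the `_eve-json-format` and `_eve-json-output` labels added further down in the same patch, so build the docs with `sphinx-build -n -W` to confirm that every reference resolves.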
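
Review bot: The five deleted `.swp` files (`.custom-http-logging.rst.swp`, `.index.rst.swp`, `.mongodb.rst.swp`, `.syslog-alerting-comp.rst.swp` and `files-json-log-output/.files-json-log-output.rst.swp`) are editor swap files that were tracked by mistake, and nothing in this patch prevents the same thing from happening again: the diffstat lists no `.gitignore` change. Add a `*.swp` ignore pattern, and consider moving the deletions into their own commit, since the subject "doc: fixed remaining FIXME" does not mention them. Swap files hold editor buffer contents and remain retrievable from history after deletion, so it is worth checking that these held nothing beyond the public `.rst` text.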
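
Review bot: In the `logstash-kibana-and-suricata-json-output.rst` hunk, the added line "If it isn't check out the ..." needs a comma after "isn't". The replacement is an external hyperlink (the trailing `_` form) rather than an internal cross-reference like the `:ref:` links used elsewhere in this patch; if an installation page exists in the Sphinx tree, link to it internally so the docs do not depend on an outside page staying in place.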
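
Review bot: In the `doc/sphinx/rules/payload-keywords.rst` hunk (`@@ -228,9 +228,7 @@`), the removal goes beyond the FIXME: it also drops "Suricata does not support using it yet, but will support it in future versions of the engine", so the page now states without qualification that negation before isdataat can be used. Confirm that the engine version these docs describe accepts negated isdataat, and if it does, add a short rule example next to the sentence "You can also use the negation (!) before isdataat." so readers can verify the behaviour. A behavioural change to the documentation like this also deserves a mention in the commit message.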