userguide: fix Deprecations, warn about syslog

The Deprecation note on Syslog was partly conveying the opposite message, and we were missing a deprecation notice on the Syslog output section. (cherry picked from commit 926fde859e)
2 months ago · fbd2832c81
parent 254ba73e65
commit fbd2832c81
2 changed files with 5 additions and 1 deletions
--- a/doc/userguide/output/syslog-alerting-comp.rst
+++ b/doc/userguide/output/syslog-alerting-comp.rst
@ -5,6 +5,10 @@ Suricata can alert via syslog which is a very handy feature for central log coll

 However, there are different syslog daemons and there can be parsing issues with the syslog format a SIEM expects and what syslog format Suricata sends. The syslog format from Suricata is dependent on the syslog daemon running on the Suricata sensor but often the format it sends is not the format the SIEM expects and cannot parse it properly.

+.. attention:: The syslog output is deprecated in Suricata 8.0 and
+               will be removed in Suricata 9.0. Please migrate to the
+               ``eve`` output which has the ability to send to syslog.
+
 Popular syslog daemons
 ----------------------

--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@ -227,7 +227,7 @@ Deprecations
 - The ``tls-log`` output is now deprecated and will be removed in Suricata 9.0.
 - The ``syslog`` output is now deprecated and will be removed in
  Suricata 9.0. Note that this is the standalone ``syslog`` output and
-  does affect the ``eve`` outputs ability to send to syslog.
+  does **not** affect the ``eve`` outputs ability to send to syslog.
 - The ``default`` option in ``app-layer.protocols.tls.encryption-handling`` is
  now deprecated and will be removed in Suricata 9.0. The ``track-only`` option
  should be used instead.