6b8b58f98a 
								
							
								 
							
						 
						
							
							
								
								doc/eve: common fields and alert updates  
							
							
							
							
							- update examples for both
- change app_proto from alert field to common field, as
  per JsonBuilder's changes. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								eacf933edf 
								
							
								 
							
						 
						
							
							
								
								doc/eve: fix typos  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								95f225e8fb 
								
							
								 
							
						 
						
							
							
								
								doc: update sphinx api to use add_css_file  
							
							
							
							
							instead of deprecated add_stylesheet 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								fcd1ae3bf1 
								
							
								 
							
						 
						
							
							
								
								doc: Protocol name/case change for upgrade doc  
							
							
							
							
							This commit adds a one-liner to the upgrade document for 7.0 stating
that protocol names/values are now builtin to Suricata and that names
and their casing may change. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								0ed62e93ec 
								
							
								 
							
						 
						
							
							
								
								doc/modbus: add eve logging documentation  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								f83d51d0cb 
								
							
								 
							
						 
						
							
							
								
								ike: set event for multiple server proposals  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								a5f36eccf1 
								
							
								 
							
						 
						
							
							
								
								doc: add documentation for rawbytes keyword  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								ab59ef0d79 
								
							
								 
							
						 
						
							
							
								
								ikev1: add documentation for ikev1  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								ecdf9f6b0b 
								
							
								 
							
						 
						
							
							
								
								ikev1: rename ikev2 to common ike  
							
							
							
							
							Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								d708744f2b 
								
							
								 
							
						 
						
							
							
								
								doc: fix ubuntu pkg name for tcmalloc  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								560974b2db 
								
							
								 
							
						 
						
							
							
								
								doc/quickstart: use new test url that works  
							
							
							
							
							Replace http://testmyids.org with http://testmynids.org/uid/index.html,
as testmyids.org now always redirects to https.
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								7ece0ac31f 
								
							
								 
							
						 
						
							
							
								
								doc: update installation documentation for CentOS and Fedora  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								a04b5566a6 
								
							
								 
							
						 
						
							
							
								
								http: makes decompression time limit configurable  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								25e9483168 
								
							
								 
							
						 
						
							
							
								
								doc/lua: Lua API name consistency  
							
							
							
							
							This commit updates the documentation of the SCFlow* function names
available to Lua scripts.
Formerly, they used the prefix "Sc"; now they use "SC". 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								547afcb983 
								
							
								 
							
						 
						
							
							
								
								doc/userguide/transforms: remove note about libnss being required
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								41591af48b 
								
							
								 
							
						 
						
							
							
								
								doc/userguide/install: remove libnss  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								4b9af8d2ce 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: document --disable-hashing  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c0ddad8e7e 
								
							
								 
							
						 
						
							
							
								
								doc/ja3: libnss support no longer required  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								5499a6f7cd 
								
							
								 
							
						 
						
							
							
								
								doc: fix URL for unix-socket python example  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								f78f444a5e 
								
							
								 
							
						 
						
							
							
								
								doc: build all manpages  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								9b840104bd 
								
							
								 
							
						 
						
							
							
								
								lua: Make the rule action available to output scripts  
							
							
							
							
							Useful for those that want to do custom logging from lua 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								320de5f43d 
								
							
								 
							
						 
						
							
							
								
								eve: Log tenant_id for all eve-json messages  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								15c42e0d83 
								
							
								 
							
						 
						
							
							
								
								doc: add documentation for SRV DNS JSON structure  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								096dce4bba 
								
							
								 
							
						 
						
							
							
								
								http2: allow filestore to work with HTTP2  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								4e242645be 
								
							
								 
							
						 
						
							
							
								
								doc: explicit header normalization further  
							
							
							
							
							And their concatenation as described in RFC 2616 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								6b30890de9 
								
							
								 
							
						 
						
							
							
								
								doc: http.uri.raw has no spaces  
							
							
							
							
							as they are in the protocol
cf bug #2881  
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								7b4ac8dbab 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: update http keywords  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								ca47d75c80 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: explain --strict-rule-keywords  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								a18a9d3046 
								
							
								 
							
						 
						
							
							
								
								doc: New sticky buffer icmpv4.hdr  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								76de981574 
								
							
								 
							
						 
						
							
							
								
								napatech: Added comment indicating that hba will be deprecated  
							
							
							
							
							HBA will be deprecated in Suricata 7 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								3030a3da18 
								
							
								 
							
						 
						
							
							
								
								doc: provide eve 1 deprecation date  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c95850c6ce 
								
							
								 
							
						 
						
							
							
								
								doc/rules: document config rule option  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								6f9b7e052a 
								
							
								 
							
						 
						
							
							
								
								doc/eve: Update threaded filename examples  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								f70e1f571e 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: add info about --set and lists  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								69fffb2dc4 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: include man page even when not including pdf  
							
							
							
							
							Fix a mistake in Makefile.am where the man page was only being
added to the distribution if the PDF was also created. It should
be included even if the PDF cannot be included. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								87617b200c 
								
							
								 
							
						 
						
							
							
								
								doc/datasets: add info about memcap and hashsize  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								7d44e80a50 
								
							
								 
							
						 
						
							
							
								
								doc: document removal of unified2  
							
							
							
							
							And suggest an alternate tool, Meer, if compatibility with
Barnyard2 style databases is required.
Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3497
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								e71f2b22fa 
								
							
								 
							
						 
						
							
							
								
								doc: add removal of individual json loggers  
							
							
							
							
							Add link to multiple eve instances as a replacement for this
feature. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								9b5c923327 
								
							
								 
							
						 
						
							
							
								
								http: disables lzma by default for HTTP  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								e1ecb7dc41 
								
							
								 
							
						 
						
							
							
								
								doc/datasets: explain reloads, general improvements  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								48da18b081 
								
							
								 
							
						 
						
							
							
								
								doc: dns - document additional fields in eve event  
							
							
							
							
							Documentation of additional fields for soa and sshfp. Also some minor
doc fixes and updates. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								06f41f608c 
								
							
								 
							
						 
						
							
							
								
								doc: Improve grammar, spelling and clarifications  
							
							
							
							
							This commit improves the overall documentation's grammar, spelling, and
adds clarifications where needed.
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								b21160a6e3 
								
							
								 
							
						 
						
							
							
								
								doc: http.host keyword note for matching on port  
							
							
							
							
							Signed-off-by: jason taylor <jtfas90@gmail.com> 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								4549505418 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: fix outdated xdp info  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								999af4f62a 
								
							
								 
							
						 
						
							
							
								
								http2: adds documentation  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								8d5e54c046 
								
							
								 
							
						 
						
							
							
								
								pcap: recursively reading pcaps / documentation
							
							
							
							
							Changes to doc/userguide/partials/options.rst for feature 2363
   (reading pcaps recursively) 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								4e1a41a17d 
								
							
								 
							
						 
						
							
							
								
								output-json: add MAC address output  
							
							
							
							
							This commit adds MAC address output to the EVE-JSON format. We follow the
remarks made in Redmine ticket #962: for packets, log MAC src/dst as a
scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names
are different between flow and packet context to avoid type confusion
(src_mac vs. src_macs). Configuration approach and JSON representation are
taken from previous GitHub PR #2700.
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c31360070b 
								
							
								 
							
						 
						
							
							
								
								rust/mqtt: add MQTT parser  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								a5d30a3220 
								
							
								 
							
						 
						
							
							
								
								doc/output: Document multithreaded eve option  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								1569f3e349 
								
							
								 
							
						 
						
							
							
								
								transform: adds url_decode keyword  
							
							
							
							
							Fixes https://redmine.openinfosecfoundation.org/issues/2689
Adds a new source file to handle this keyword.
And modifies documentation, Makefile, and registration accordingly.
url_decode decodes url-encoded data, i.e. replacing '+' with space
and '%HH' with its value.
							
						 
						
							5 years ago