Commit Graph

263 Commits (2b56b02569d8d79da3de98d5f11884afa502aec0)

Author SHA1 Message Date
Jason Ish f715b0ae6b doc: add pid-file section to suricata.yaml doc
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
8 years ago
Jason Ish 59d69666ea doc: add more details to log rotation doc 8 years ago
Jason Ish 92f15b7ffb doc: move log rotation to output section 8 years ago
Victor Julien 62b6f9fe25 decode: add config option to disable teredo
Ticket #744.
8 years ago
Abbed 320b032a88 doc: small typo under '4.3.1.5' section 8 years ago
Eric Leblond b763c7ec11 doc: document http-body logging 8 years ago
Eric Leblond 9e581436a7 doc: info about new config for alert events in EVE 8 years ago
Eric Leblond ef88689f1e doc: add app_proto to alert event 8 years ago
Selivanov Pavel 5162b58260 Fixed small typo: double sudo 8 years ago
Eric Leblond f4374ffd0b doc: some more info about alert format 8 years ago
Eric Leblond f5ad6a2095 doc: document target keyword 8 years ago
Eric Leblond a3f07ec02e doc: document drop-invalid option. 9 years ago
Eric Leblond e933eb849a doc: document filestore update 9 years ago
Andreas Herz bf1a8d08da doc: rephrase nocase placement explanation 9 years ago
Victor Julien 71c6df1655 lua: add SCFlowId for getting the flow id 9 years ago
Victor Julien 4697330b73 doc: flowints formatting cleanup 9 years ago
Victor Julien 0af562d4c8 doc: move parts out of snort difference doc
Move generic keyword descriptions to the keyword documentation.
9 years ago
David Wharton a8d0ae460c doc: removing (replaced) snort-compatibility.rst
snort-compatibility.rst replaced by differences-from-snort.rst
9 years ago
David Wharton 8a53d49e81 doc: replacing snort-compatibility link
The snort-compatibility.rst document is being replaced by
differences-from-snort.rst. This commit updates the link.
9 years ago
David Wharton 6bc7c64794 doc: overhaul of the snort-compatibility document
This is intended to replace the existing 'snort-compatibility.rst'
document.
Based on "The Suricata Rule Writing Guide for The Snort Expert"
2016 SuriCon talk.
9 years ago
Victor Julien f6e3755b5c lua: extend SCFlowAppLayerProto
Change SCFlowAppLayerProto to return 5 values:
<alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>:

alproto: detected protocol
alproto_ts: detected protocol in toserver direction
alproto_tc: detected protocol in toclient direction
alproto_orig: pre-change/upgrade protocol
alproto_expected: expected protocol in change/upgrade

Orig and expect are used when changing and upgrading protocols. In an
SMTP STARTTLS case, orig would normally be set to "smtp" and expect
to "tls".
9 years ago
Victor Julien 79389558ac doc: update for stream changes 9 years ago
Victor Julien 245a89b7e7 doc: http keywords update 9 years ago
Ray Ruvinskiy 7539973109 tls: logging for session resumption
We assume session resumption has occurred if the Client Hello message
included a session id, we have not seen the server certificate, but
we have seen a Change Cipher Spec message from the server.

Previously, these transactions were not logged at all because the
server cert was never seen.

Ticket: https://redmine.openinfosecfoundation.org/issues/1969
9 years ago
fooinha 36667ab8a1 doc: async mode for redis eve output
async: true ## if redis replies are read asynchronously
9 years ago
psanders240 1223de4208 doc: Napatech docs improvement
Fix errors and simplify filters.
9 years ago
Victor Julien aca27ff383 doc: expand on bpf 9 years ago
Mats Klepsland 8b9f84bff2 doc: add documentation for date modifiers in eve-log 9 years ago
Mats Klepsland 37a12fe799 doc: add documentation for eve-log file rotation 9 years ago
fooinha 20d4d40051 log: tls custom format log 9 years ago
Mats Klepsland 7b1dae6251 doc: add documentation for Lua SCFlowTimestamps 9 years ago
Mats Klepsland 3b23387664 doc: add documentation for eve-log file permissions 9 years ago
Jon Zeolla ce8a65a58e docs: fix statement about flow:to_server 9 years ago
Jon Zeolla 1589a15495 docs: clarify how iprep works 9 years ago
Mats Klepsland 285b566205 doc: add documentation for TlsGetCertSerial Lua function 9 years ago
Mats Klepsland ee9f822b8e doc: add documentation for tls_cert_serial keyword 9 years ago
David Wharton 1bf7ded224 doc: specify buffers that can be used for fast_pattern
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
9 years ago
David Wharton b1ad770b36 doc: removed references to older Suricata versions
Docs are versioned; references to older Suricata versions are undesired.
9 years ago
Mats Klepsland e91bb09c91 doc: add documentation for TLS eve-log 9 years ago
Jason Ish 89ba5816dc doc: update unified2 section
Remove documentation on older unified formats that have
been removed.
9 years ago
Mats Klepsland 6a382259f8 doc: documentation for custom JSON flags in eve-log 9 years ago
Victor Julien c477c4370e doc: update for unix socket hostbits 9 years ago
Victor Julien 71607c905a doc: update unix socket 9 years ago
Eric Leblond c357dafed9 doc: document the tls_sni keyword 9 years ago
Mats Klepsland edbb035160 doc: add documentation for Lua SCFlowHasAlerts 9 years ago
Victor Julien a2d31b5e04 doc: napatech formatting fixes 9 years ago
Victor Julien b7b9b5b682 doc: add napatech to userguide 9 years ago
Peter Sanders 28c1516be7 doc: initial Napatech documentation 9 years ago
Victor Julien bc38cd5932 doc: initial xbits documentation 9 years ago
Victor Julien 41074a87a0 doc: DNP3 support is now available 9 years ago
Jason Ish 0c6c9784a2 doc: document that ;, \, " need to be escaped in rules 9 years ago
Victor Julien 3012edae1c luajit: update default yaml and doc for 'states' 9 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 9 years ago
Jason Ish ee16b86900 doc: fix build pdf on non gnu make platforms
The Makefile generated by sphinx-build is GNU Make specific
causing the PDF phase to fail. Instead call pdflatex directly
based on how the generated Makefile was doing it.
9 years ago
Victor Julien 1aa70fb39e doc: add rate_filter 9 years ago
Jason Ish 1a724ba851 doc: flow: update and add new keywords 9 years ago
Victor Julien 56ffba9fd8 doc: initial app-layer keywords
Document app-layer-protocol and make a start with app-layer-event.
9 years ago
Victor Julien c6134e007e doc: app-layer tls including no-reassemble 9 years ago
Nicolas Thill 3750c15632 doc: add SCPacketTimestamp Lua function
Signed-off-by: Nicolas Thill <ntl@p1sec.com>
9 years ago
Victor Julien 4126fd82a0 doc: small eve update: add dns 9 years ago
Victor Julien e3b2d95100 doc: add recent tls keywords 9 years ago
Victor Julien 08b875c03b doc: clean up fast_pattern 9 years ago
Victor Julien f1046db113 doc: fix header keywords layout 9 years ago
Victor Julien d80914d350 doc: move rule reload and adding rules into rule-management 9 years ago
Victor Julien e24c3937b3 doc: add rule-management chapter 9 years ago
Victor Julien 80bd59ae86 doc: improve install doc, configure 9 years ago
Victor Julien 48274218df doc: multi-tenancy is not work in progress 9 years ago
Victor Julien f64decf5e2 doc: clean up log rotation 9 years ago
Victor Julien 729fd2e406 doc: update libcap-ng doc 9 years ago
Victor Julien e5ee665f24 doc: rewrite rule reload doc 9 years ago
Victor Julien 6a831f8125 doc: add simple install guide 9 years ago
Jason Ish 2c60e9b4de doc: remove userguide.pdf on clean instead of suricata.pdf
As the pdf is a built artifact, it needs to be removed to
satisfy distcheck.
9 years ago
Jason Ish afead7e565 doc: add missing docs to EXTRA_DIST 9 years ago
Jason Ish dbde356053 doc: exclude docs in partials/ from reference errors
These docs are already included with the include statement,
but older versions of Sphinx still complain that they
are not in a table of contents.
9 years ago
Victor Julien aaf0fe4d29 doc: eve update 9 years ago
Victor Julien a35bea28f3 doc: rules-meta typo 9 years ago
Victor Julien 76b55214f0 doc: rules-meta small cleanup 9 years ago
Victor Julien 3cf1b12061 doc: http sticky vs modifier 9 years ago
Victor Julien 0d15593258 doc: move urilen to other uri keywords 9 years ago
Victor Julien 34bfacdee0 doc: add minimal http request/response line sections 9 years ago
Victor Julien adb6c75e2e doc: only make sphinx warnings fatal on html/pdf 9 years ago
Jason Ish 82a6bfd599 doc: manpage: add bugs and notes section 9 years ago
Jason Ish a4450b768e doc: manpage: add signals section 9 years ago
Jason Ish 5c78fdbc9c doc: break out command line options into a common doc
The command line options can now be consumed by the man page
and the user guide.

Some attempt was made to order the options from common/basic
progressing to advanced with some notion of options
grouped together.
9 years ago
Jason Ish cd4c9e73f8 doc: fix sphinx warnings
This involved removing documents that were intentionally
not referenced as they are not good candidates for the
user guide.
9 years ago
Jason Ish 3df7f97a33 doc: fail on sphinx warnings 9 years ago
Jason Ish 79d21e9eee docs: include userguide.pdf in dist 9 years ago
Jason Ish 214e97814c doc: bring in unix socket interaction from wiki 9 years ago
Jason Ish bec128bbf9 doc: attempt to parse version if not in environment
Should fix the version displayed on readthedocs.
9 years ago
Giuseppe Longo 3f214b506a file-store: add depth setting
When a rule matches and fires filestore we may want
to increase the stream reassembly depth for this specific.

This adds the 'depth' setting to the file-store config,
which permits specifying how much data we want to reassemble
into a stream.
9 years ago
Giuseppe Longo 9ab1194f68 modbus: set stream depth
Some protocols like modbus require
an infinite stream depth because sessions
are kept open and we want to analyze everything.

Since we have a stream reassembly depth per stream,
we can also set a stream reassembly depth per proto.
9 years ago
Victor Julien 92b393ee9a doc: include enip page 9 years ago
Victor Julien a2d8cfb5d3 doc: reorder rule docs 9 years ago
kwong a3ffebd835 Adding SCADA EtherNet/IP and CIP protocol support
Add support for the ENIP/CIP Industrial protocol

This is an app layer implementation which uses the "enip" protocol
and "cip_service" and "enip_command" keywords

Implements AFL entry points
9 years ago
Victor Julien 5bd906ae9f doc: prefilter keyword and config 9 years ago
Victor Julien 3ab405dc50 doc: reorganize hyperscan guide 9 years ago
Victor Julien 99d5bf4e68 doc: improve tuning/perf docs 9 years ago
Victor Julien c7c8de7d59 doc: fix ET example URL 9 years ago
Victor Julien 485544d885 doc: improve commandline options 9 years ago
Victor Julien 7011d8f34c doc: remove/cleanup 'guides' 9 years ago