aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,347 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '637a7c8e55'
${ noResults }
Commit Graph

223 Commits (637a7c8e55e005edc2644a9b5774771926dd3f29)

Author SHA1 Message Date
Gaurav Singh 637a7c8e55 Adds options to mark when a file is final. 
This takes the form of an option to add the pid of the process to file
names. Additionally, it adds a suffix to the file name to indicate it is
not finalized.

Adding the pid to the file name reduces the likelihood that a file is
overwritten when suricata is unexpectedly killed. The number in the
waldo file is only written out during a clean shutdown. In the event
of an improper shutdown, extracted files will be written using the old
number and existing files with the same name will be overwritten.

Writes extracted files and their metadata to a temporary file suffixed
with '.tmp'. Renames the files when they are completely done being
written. As-is there is no way to know that a file on disk is still
being written to by suricata.
 7 years ago
Mats Klepsland 9556d4fef3 doc: add documentation for tls_cert_fingerprint keyword 7 years ago
Victor Julien 1180687574 doc/file_data: add note on negated matching 
Explain issue #2216 and how to avoid it.
 8 years ago
Victor Julien 456af8faa8 doc/napatech: formatting fixes 8 years ago
Andreas Herz c048ee6505 doc: reflect most recent cpu affinity settings 
Some settings like output-cpu-set never been used and detect got renamed
to worker. This reflects those changes already present in the yaml also
within the documentation.
 8 years ago
Julian f27b4fc8fe redis: support for rpush in list mode 
This adds a new redis mode rpush. Also more consistent config keywords orientated at the redis command: lpush and publish.
Keeping list and channel config keywords for backwards compatibility
 8 years ago
Phil Young 5f613e6e7d napatech: Added section describing packet counters. 8 years ago
Phil Young f6838f9085 napatech: Added description of hba usage. 8 years ago
Victor Julien fc229430f8 doc: add rust and update version in install 8 years ago
Sebastian Garcia d32ba60b51 Update public-data-sets.rst with stratosphere project 
Add the datasets of the Stratosphere project to the list.
 8 years ago
Jason Ish f715b0ae6b doc: add pid-file section to suricata.yaml doc 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
 8 years ago
Jason Ish 59d69666ea doc: add more details to log rotation doc 8 years ago
Jason Ish 92f15b7ffb doc: move log rotation to output section 8 years ago
Victor Julien 62b6f9fe25 decode: add config option to disable teredo 
Ticket #744.
 8 years ago
Abbed 320b032a88 doc: small typo under '4.3.1.5' section 8 years ago
Eric Leblond b763c7ec11 doc: document http-body logging 8 years ago
Eric Leblond 9e581436a7 doc: info about new config for alert events in EVE 8 years ago
Eric Leblond ef88689f1e doc: add app_proto to alert event 8 years ago
Selivanov Pavel 5162b58260 Fixed small typo: double sudo 8 years ago
Eric Leblond f4374ffd0b doc: some more info about alert format 8 years ago
Eric Leblond f5ad6a2095 doc: document target keyword 8 years ago
Eric Leblond a3f07ec02e doc: document drop-invalid option. 8 years ago
Eric Leblond e933eb849a doc: document filestore update 8 years ago
Andreas Herz bf1a8d08da doc: rephrase nocase placement explanation 8 years ago
Victor Julien 71c6df1655 lua: add SCFlowId for getting the flow id 8 years ago
Victor Julien 4697330b73 doc: flowints formatting cleanup 8 years ago
Victor Julien 0af562d4c8 doc: move parts out of snort difference doc 
Move generic keyword descriptions to the keyword documentation.
 8 years ago
David Wharton a8d0ae460c doc: removing (replaced) snort-compatibility.rst 
snort-compatibility.rst replaced by differences-from-snort.rst
 8 years ago
David Wharton 8a53d49e81 doc: replacing snort-compatibility link 
The snort-compatibility.rst document is being replaced by
differences-from-snort.rst. This commit updates the link.
 8 years ago
David Wharton 6bc7c64794 doc: overhaul of the snort-compatibility document 
This is intended to replace the existing 'snort-compatibility.rst'
document.
Based on "The Suricata Rule Writing Guide for The Snort Expert"
2016 SuriCon talk.
 8 years ago
Victor Julien f6e3755b5c lua: extend SCFlowAppLayerProto 
Change SCFlowAppLayerProto to return 5 values:
<alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>:

alproto: detected protocol
alproto_ts: detected protocol in toserver direction
alproto_tc: detected protocol in toclient direction
alproto_orig: pre-change/upgrade protocol
alproto_expected: expected protocol in change/upgrade

Orig and expect are used when changing and upgrading protocols. In a
SMTP STARTTLS case, orig would normally be set to "smtp" and expect
to "tls".
 8 years ago
Victor Julien 79389558ac doc: update for stream changes 8 years ago
Victor Julien 245a89b7e7 doc: http keywords update 8 years ago
Ray Ruvinskiy 7539973109 tls: logging for session resumption 
We assume session resumption has occurred if the Client Hello message
included a session id, we have not seen the server certificate, but
we have seen a Change Cipher Spec message from the server.

Previously, these transactions were not logged at all because the
server cert was never seen.

Ticket: https://redmine.openinfosecfoundation.org/issues/1969
 8 years ago
fooinha 36667ab8a1 doc: async mode for redis eve output 
async: true ## if redis replies are read asynchronously
 8 years ago
psanders240 1223de4208 doc: Napatech docs improvement 
Fix errors and simplify filters.
 8 years ago
Victor Julien aca27ff383 doc: expand on bpf 8 years ago
Mats Klepsland 8b9f84bff2 doc: add documentation for date modifiers in eve-log 8 years ago
Mats Klepsland 37a12fe799 doc: add documentation for eve-log file rotation 8 years ago
fooinha 20d4d40051 log: tls custom format log 8 years ago
Mats Klepsland 7b1dae6251 doc: add documentation for Lua SCFlowTimestamps 8 years ago
Mats Klepsland 3b23387664 doc: add documentation for eve-log file permissions 8 years ago
Jon Zeolla ce8a65a58e docs: fix statement about flow:to_server 8 years ago
Jon Zeolla 1589a15495 docs: clarify how iprep works 8 years ago
Mats Klepsland 285b566205 doc: add documentation for TlsGetCertSerial Lua function 8 years ago
Mats Klepsland ee9f822b8e doc: add documentation for tls_cert_serial keyword 8 years ago
David Wharton 1bf7ded224 doc: specify buffers that can be used for fast_pattern 
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
 8 years ago
David Wharton b1ad770b36 doc: removed references to older Suricata versions 
docs are versioned; references to older Suricata versions undesired.
 8 years ago
Mats Klepsland e91bb09c91 doc: add documentation for TLS eve-log 8 years ago
Jason Ish 89ba5816dc doc: update unified2 section 
Remove documentation on older unified formats that have
been removed.
 8 years ago