Eric Leblond
9e581436a7
doc: info about new config for alert events in EVE
7 years ago
Eric Leblond
ef88689f1e
doc: add app_proto to alert event
7 years ago
Selivanov Pavel
5162b58260
Fixed small typo: double sudo
7 years ago
Eric Leblond
f4374ffd0b
doc: some more info about alert format
7 years ago
Eric Leblond
f5ad6a2095
doc: document target keyword
7 years ago
Eric Leblond
a3f07ec02e
doc: document drop-invalid option.
7 years ago
Eric Leblond
e933eb849a
doc: document filestore update
7 years ago
Andreas Herz
bf1a8d08da
doc: rephrase nocase placement explanation
7 years ago
Victor Julien
71c6df1655
lua: add SCFlowId for getting the flow id
8 years ago
Victor Julien
4697330b73
doc: flowints formatting cleanup
8 years ago
Victor Julien
0af562d4c8
doc: move parts out of snort difference doc
Move generic keyword descriptions to the keyword documentation.
8 years ago
David Wharton
a8d0ae460c
doc: removing (replaced) snort-compatibility.rst
snort-compatibility.rst replaced by differences-from-snort.rst
8 years ago
David Wharton
8a53d49e81
doc: replacing snort-compatibility link
The snort-compatibility.rst document is being replaced by
differences-from-snort.rst. This commit updates the link.
8 years ago
David Wharton
6bc7c64794
doc: overhaul of the snort-compatibility document
This is intended to replace the existing 'snort-compatibility.rst'
document.
Based on "The Suricata Rule Writing Guide for The Snort Expert"
2016 SuriCon talk.
8 years ago
Victor Julien
f6e3755b5c
lua: extend SCFlowAppLayerProto
Change SCFlowAppLayerProto to return 5 values:
<alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>:
alproto: detected protocol
alproto_ts: detected protocol in toserver direction
alproto_tc: detected protocol in toclient direction
alproto_orig: pre-change/upgrade protocol
alproto_expected: expected protocol in change/upgrade
Orig and expect are used when changing and upgrading protocols. In a
SMTP STARTTLS case, orig would normally be set to "smtp" and expect
to "tls".
8 years ago
Victor Julien
79389558ac
doc: update for stream changes
8 years ago
Victor Julien
245a89b7e7
doc: http keywords update
8 years ago
Ray Ruvinskiy
7539973109
tls: logging for session resumption
We assume session resumption has occurred if the Client Hello message
included a session id, we have not seen the server certificate, but
we have seen a Change Cipher Spec message from the server.
Previously, these transactions were not logged at all because the
server cert was never seen.
Ticket: https://redmine.openinfosecfoundation.org/issues/1969
8 years ago
fooinha
36667ab8a1
doc: async mode for redis eve output
async: true ## if redis replies are read asynchronously
8 years ago
psanders240
1223de4208
doc: Napatech docs improvement
Fix errors and simplify filters.
8 years ago
Victor Julien
aca27ff383
doc: expand on bpf
8 years ago
Mats Klepsland
8b9f84bff2
doc: add documentation for date modifiers in eve-log
8 years ago
Mats Klepsland
37a12fe799
doc: add documentation for eve-log file rotation
8 years ago
fooinha
20d4d40051
log: tls custom format log
8 years ago
Mats Klepsland
7b1dae6251
doc: add documentation for Lua SCFlowTimestamps
8 years ago
Mats Klepsland
3b23387664
doc: add documentation for eve-log file permissions
8 years ago
Jon Zeolla
ce8a65a58e
docs: fix statement about flow:to_server
8 years ago
Jon Zeolla
1589a15495
docs: clarify how iprep works
8 years ago
Mats Klepsland
285b566205
doc: add documentation for TlsGetCertSerial Lua function
8 years ago
Mats Klepsland
ee9f822b8e
doc: add documentation for tls_cert_serial keyword
8 years ago
David Wharton
1bf7ded224
doc: specify buffers that can be used for fast_pattern
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
8 years ago
David Wharton
b1ad770b36
doc: removed references to older Suricata versions
docs are versioned; references to older Suricata versions undesired.
8 years ago
Mats Klepsland
e91bb09c91
doc: add documentation for TLS eve-log
8 years ago
Jason Ish
89ba5816dc
doc: update unified2 section
Remove documentation on older unified formats that have
been removed.
8 years ago
Mats Klepsland
6a382259f8
doc: documentation for custom JSON flags in eve-log
8 years ago
Victor Julien
c477c4370e
doc: update for unix socket hostbits
8 years ago
Victor Julien
71607c905a
doc: update unix socket
8 years ago
Eric Leblond
c357dafed9
doc: document the tls_sni keyword
8 years ago
Mats Klepsland
edbb035160
doc: add documentation for Lua SCFlowHasAlerts
8 years ago
Victor Julien
a2d31b5e04
doc: napatech formatting fixes
8 years ago
Victor Julien
b7b9b5b682
doc: add napatech to userguide
8 years ago
Peter Sanders
28c1516be7
doc: initial Napatech documentation
8 years ago
Victor Julien
bc38cd5932
doc: initial xbits documentation
8 years ago
Victor Julien
41074a87a0
doc: DNP3 support is now available
8 years ago
Jason Ish
0c6c9784a2
doc: document that ;, \, " need to be escaped in rules
8 years ago
Victor Julien
3012edae1c
luajit: update default yaml and doc for 'states'
8 years ago
Jason Ish
0792f80909
doc: only build pdf on dist if pdflatex is installed
8 years ago
Jason Ish
ee16b86900
doc: fix build pdf on non gnu make platforms
The Makefile generated by sphinx-build is GNU Make specific
causing the PDF phase to fail. Instead call pdflatex directly
based on how the generated Makefile was doing it.
8 years ago
Victor Julien
1aa70fb39e
doc: add rate_filter
8 years ago
Jason Ish
1a724ba851
doc: flow: update and add new keywords
8 years ago