aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,789 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c160f78758'
${ noResults }
Commit Graph

189 Commits (c160f7875874ae18303b3134ee1690f6c783d666)

Author SHA1 Message Date
Victor Julien c160f78758 yaml: move afpacket, pcap, pcap-file up 9 years ago
Victor Julien d48098f189 yaml: move logging up 9 years ago
Victor Julien c949668863 yaml: move rules up in the file 
Also disable decoder and stream events by default, as they are too noisy
in a untuned environment.
 9 years ago
Victor Julien a9cea53e62 yaml: move vars to the top 9 years ago
Justin Viiret c9d0d6f698 mpm: add "auto" default for mpm-algo 
Setting mpm-algo to "auto" will use "hs" if Suricata was built against
Hyperscan, and "ac" otherwise (or "ac-tile" on Tilera platforms).
 9 years ago
Eric Leblond ff05fb760b af-packet: fix some typos in yaml 9 years ago
Eric Leblond 876b356bbe af-packet: use mmap capture by default 
Update the code to use mmap capture by default even in unset in
configuration file. mmap capture is now be turned off by using
explicitely 'use-mmap: no' in configuration.
 9 years ago
Eric Leblond f5c2019167 af-packet: add option to use memory locked mmap 9 years ago
Eric Leblond 234aefdff9 af-packet: configurable tpacket_v3 block timeout 
Block timeout defines the maximum filling duration of a block.
 9 years ago
Eric Leblond fa902abedf af-packet: configurable tpacket_v3 block size 
It is used to set the block size in tpacket_v3. It will allow user
to tune the capture depending on his bandwidth.

Default block size value has been updated to a bigger value to
allow more efficient wlak on block.
 9 years ago
Eric Leblond bae1b03cf5 af-packet: tpacket_v3 implementation 
This patch adds a basic implementation of AF_PACKET tpacket v3. It
is basic in the way it is only working for 'workers' runnning mode.
If not in 'workers' mode there is a fallback to tpacket_v2. Feature
is activated via tpacket-v3 option in the af-packet section of
Suricata YAML.
 9 years ago
Justin Viiret 91011b30a6 spm: add "spm-algo: auto" setting 
This will default to Hyperscan when Suricata is built with Hyperscan
support. Otherwise, Boyer-Moore is used by default.
 9 years ago
Justin Viiret 7ba9dbe36a suricata.yaml: document spm-algo option 9 years ago
maxtors c6bbd89251 Added payload-buffer-size option to yaml configuration 9 years ago
Victor Julien 5f676167a3 detect grouping: make json dump configurable 
Make the rule grouping dump to rule_group.json configurable.

detect:
  profiling:
    grouping:
      dump-to-disk: false
      include-rules: false      # very verbose
      include-mpm-stats: false
 9 years ago
Victor Julien d6ba01b1b7 detect: make port whitelisting configurable 
Make the port grouping whitelisting configurable. A whitelisted port
ends up in it's own port group.

detect:
  grouping:
    tcp-whitelist: 80, 443
    udp-whitelist: 53, 5060

No portranges are allowed at this point.
 9 years ago
Victor Julien 725d6c3739 yaml: convert detect-engine to just detect 
Instead of detect-engine which used a list for no good reason, use a
simple map now.

detect:
  profile: medium
  custom-values:
    toclient-groups: 3
    toserver-groups: 25
  sgh-mpm-context: auto
  inspection-recursion-limit: 3000
  # If set to yes, the loading of signatures will be made after the capture
  # is started. This will limit the downtime in IPS mode.
  #delayed-detect: yes
 9 years ago
Victor Julien caea596ce5 profiling: output post-prefilter matches 
Dump a json record containing all sigs that need to be inspected after
prefilter. Part of profiling. Only dump if threshold is met, which is
currently set by:

 --set detect.profiling.inspect-logging-threshold=200

A file called packet_inspected_rules.json is created in the default
log dir.
 9 years ago
Victor Julien 722e2dbf7c profiling: initial rulegroup tracking 
Per rule group tracking of checks, use of lists, mpm matches,
post filter counts.

Logs SGH id so it can be compared with the rule_group.json output.

Implemented both in a human readable text format and a JSON format.
 9 years ago
Victor Julien 4f8e1f59a6 mpm: remove obsolete mpm algos 
Remove: ac-gfbs, wumanber, b2g, b3g.
 9 years ago
Victor Julien 4526aed2b1 smtp: fix config parsing and config defaults 9 years ago
Travis Green 72c9debbd6 yaml: disable rules by default 
Change to "disable by default" rulefiles
 9 years ago
Tom DeCanio 559747e325 file-store: add force-filestore configuration option to enable writing all 
extracted files to filesystem.
 9 years ago
Andreas Herz 5cee70f9ae Fix the comment and explanation for random-chunk-size 9 years ago
Andreas Herz 15c98c6085 file-magic: improve libmagic handling on *nix systems 9 years ago
Victor Julien fae2836039 http: more sane body inspection/tracking defaults 9 years ago
Victor Julien b4dad91e26 unified2: disable by default 9 years ago
Victor Julien 36fde7df42 stats log: suppress 0 counters by default 9 years ago
Jason Ish d87a60f3cc modbus: disable by default 9 years ago
Victor Julien c1bf0e1b07 rule profiling: json output 9 years ago
Eric Leblond affb399cd9 config: don't use hardcoded path 
It is better to use a transformation to define the default
directory of output message instead of using an hardcoded value.
Same apply to the directory for the pid file.
 9 years ago
Eric Leblond b834e2d19a util-logopenfile: implement redis pipelining 
This patch implements redis pipelining. This consist in contacting
the redis server every N events to minimize the number of TCP
exchange. This is optional and setup via the configuration file.
 9 years ago
Eric Leblond 60ea49c777 output-json: add sensor-name config variable 
When using redis output, we are loosing the host key (added by
logstash or logstash-forwarder) and we can't find anymore what
Suricata did cause the alert.

This patch is adding this key during message generation using the
'sensor-name' variable or the hostname is 'sensor-name' is not
defined.
 9 years ago
Eric Leblond eef5678e5e output-json: add redis support 
This patch adds redis support to JSON output.
 9 years ago
Alessandro Guido dcbbda505f Describe new unified2-alert "payload" option 10 years ago
Eric Leblond f03a7a032f json-alert: add smtp elements in alert 10 years ago
Eric Leblond 946f2a6acc email-json: add bcc to extended fields 10 years ago
Eric Leblond 8fd88f543d yaml: add comment describing smtp extended 10 years ago
Eric Leblond f81f353d1f email-json: add 'date' field extraction 10 years ago
Eric Leblond d1b0a5aa6d yaml: document new MIME features 10 years ago
Victor Julien 7281ae6e80 yaml: add missing ippair section 10 years ago
Eric Leblond 3054af7900 af-packet: don't activate rollover by default 
Rollover option is causing issue with TCP streaming code because
packets from the same flow to be treated out of order. As long as
the situation is not fixed in the streaming engine, it is a bad idea
to enable it by default.
 10 years ago
gureedo a7a902a071 netmap: extended comments for options in configuration file. 
Added extended description of the use of OS endpoint with copy mode.
 10 years ago
Eric Leblond 8fde842f97 af-packet: implement rollover option 
This patch implements the rollover option in af_packet capture.
This should heavily minimize the packet drops as well as the
maximum bandwidth treated for a single flow.

The option has been deactivated by default but it is activated in
the af_packet default section. This ensure there is no change for
old users using an existing YAML. And new users will benefit from
the change.

This option is available since Linux 3.10. An analysis of af_packet
kernel code shows that setting the flag in all cases should not
cause any trouble for older kernel.
 10 years ago
Eric Leblond dc306f3bad af-packet: implement new load balancing modes 
This patch implements the fanout load balancing modes available
in kernel 4.0. The more interesting is cluster_qm that does the
load balancing based on the RSS queues. So if the network card
is doing a flow based load balancing then a given socket will
receive all packets of a flow indepently of the CPU affinity.
 10 years ago
Aleksey Katargin caa2438b98 netmap: support SW rings 
Netmap uses SW rings to send and receive packets from OS.
 10 years ago
Eric Leblond 4db0a35f25 tls-store: now a separate module 
An design error was made when doing the TLS storage module which
has been made dependant of the TLS logging. At the time there was
only one TLS logging module but there is now two different ones.

By putting the TLS store module in a separate module, we can now
use EVE output and TLS store at the same time.
 10 years ago
Victor Julien f43767ba44 config: update yaml to show json logging option 10 years ago
Giuseppe Longo a459376d2e app-layer-htp: add http_body_inline setting 10 years ago
Jason Ish e3ce29f694 json-stats: log deltas 
If "deltas" is yes, log delta values as the name of the value
suffixed with _delta.
 10 years ago