Commit Graph

656 Commits (cb01cc6929b6bfdf02f7b3049d7bd110a1465fa4)

Author SHA1 Message Date
Andreas Dolp db73a12540 doc/tls: Add documentation for TLS logging 3 years ago
Andreas Dolp f42bb45ccd doc/tls: Remove redundant example 3 years ago
Andreas Dolp 324f5ec10c doc: Add missing ")" in example 3 years ago
Andreas Dolp e4163c4e02 doc: Fix typos 3 years ago
Andreas Dolp 49bd6cfa5d doc: Fix broken link 3 years ago
Eric Leblond 6f06f7c22c doc: add info about capture_file key 3 years ago
Eric Leblond 0c7e4c13a1 doc: add conditional pcap logging info 3 years ago
jason taylor d799956348 doc: add note about file.data and file_data
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
jason taylor 83f2056d20 doc: update file_data to file.data keyword
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
jason taylor cd54d0dbc8 doc: remove extra newline in order to match style
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
jason taylor 38bd775ca0 doc: remove extraneous + characters
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
Jason Ish 6ceeb08351 doc/userguide: updates for eve dns v1 removal
Ticket: #4157
4 years ago
Juliana Fajardini 1956dc3d5d userguide: explain alert queue behavior and stats
Added sections along packet-alert-max config section explaining
packet alert queue overflow (when Suri reaches packet alert max), when
alerts are discarded etc.

Since from the user perspective it shouldn't matter how we process the
alert queue, the term "replace" is used, even though there's not exactly
a replacing action happening, with the queue being pre-processed before
being appended to the Packet.

Also described the associated stats and added an explanation on when to
change packet-alert-max.

Task #5178
4 years ago
Juliana Fajardini 49542d0f1b doc/userguide: explain packet-alert-max config
Task #4207
4 years ago
Jason Ish 7d6bc60abb doc/userguide: document ftp max-line-length 4 years ago
Victor Julien 976748b777 doc/smb: add resource limits section 4 years ago
William Harding f0528afc2d doc/userguide: sphinx syntax correction 4 years ago
Juliana Fajardini 55843aee8e devguide: update readme
Use it to explain how to go about the sequence diagram images
(generation, updating, what is mscgen etc).

Also remove portion that referred to Sphinx builds, as these don't make
sense now.
4 years ago
Juliana Fajardini e0c8dba7ac userguide: dynamically determine copyright date
This uses the date of doc generation to determine the copyright date
for the trailing date. Based on Jeff Lucovsky's solution.
4 years ago
Juliana Fajardini 67af1504b3 devguide: drop use of mscgen script in builds/make
Currently, it seems easier to upload the diagram images to git than to
try to make the image generation script work with out of the tree builds
and other corner cases.

This means, however, that one must actively remember to update msc
diagram files, run the script and re-add new png files, if those ever
need to be updated. To raise awareness to that, a watermark was added
to the diagram images.

Also removed configuration steps that added mscgen as dependency
(locally and for workflow builds and readthedocs).
4 years ago
Juliana Fajardini 5d63613c4b devguide: add watermark to sequence diagrams
Make it more evident that the sequence diagrams in the transactions
page are generated with Mscgen
4 years ago
Juliana Fajardini 6f77c722a2 devguide: move into userguide as last chapter
Moved devguide dir into userguide dir.
Since the devguide is now incorporated as the last chapter of the
userguide, removed build and configuration files from the devguide
dir, as these are no longer needed.

Task #4909
4 years ago
Juliana Fajardini 69c6657127 devguide: clarify cargo test usage for modules
The documentation was showing an invalid path for running single tests.
4 years ago
Philippe Antoine cfcade58ad http: move xff logging to alert object
Ticket: 4860

instead of root field
4 years ago
Andreas Dolp d4144c04cd Doc: Fix typo in documentation of suricata.yaml. 4 years ago
Shivani Bhardwaj 015c9fe1e3 doc: add usage of flowbits OR op
Ticket 5130
4 years ago
Juliana Fajardini 6c616d84b1 devguide: clarify style guide for getframe funcs
As the GetFrameIdByName can be probed, we must warn developers not to
leave any output in them, or misleading messages could be printed.

Task #5129
4 years ago
Jeff Lucovsky 117e11b0ae doc: Describe per-thread stack size config setting
Issue: 4550

This commit documents the new per-thread stack-size setting. Some
systems have a small default value that is not suitable for Suricata's
multi-threaded architecture and adjustment may be required.
4 years ago
Victor Julien e04fcfcf2f doc/userguide: minor rewording and reformatting for runmodes 4 years ago
Juliana Fajardini 28b5f4a555 devguide: add page about app-layer frame support
This explains the frame support from the perspective of a developer,
with introductory explanation on how to add frame support to an
applayer proto.

Doc #4697
4 years ago
Philippe Antoine 8adf172ab8 nfs: limits the number of active transactions per flow
Ticket: 4530
4 years ago
Jason Ish b9a429e6ce devguide: move image generation into sphinx setup
While ReadTheDocs can't execute arbitrary scripts, we can install
mscgen in the container that builds the docs (see .readthedocs.yaml).

Then instead of calling generate-images.sh from the Makefile, move this
into the setup function defined on conf.yaml, which will generate the
scripts as part of a normal Sphinx workflow.

This should give us an image generation solution that works on
ReadTheDocs, and locally within anyone's build system provided they have
mscgen installed.
4 years ago
Philippe Antoine 11d3af551b doc: suricata.yaml fields about maximum transactions
For HTTP2, MQTT and FTP.
4 years ago
Juliana Fajardini 579d7dcc01 pgsql: add initial support
- add nom parsers for decoding most messages from StartupPhase and
SimpleQuery subprotocols
- add unittests
- tests/fuzz: add pgsql to confyaml

Feature: #4241
4 years ago
Victor Julien cf4ddab6f4 doc/quic: update for new quic.version logic 4 years ago
Emmanuel Thompson 6641efb74f doc/quic: Add documentation for QUIC keywords 4 years ago
Emmanuel Thompson 9ad60e7661 doc/quic: Add quic to eve json format 4 years ago
Andreas Dolp f714484591 Doc: Fix typos in documentation of suricata.yaml. 4 years ago
Philippe Antoine 0cfdec1266 detect: xor transform
Ticket: 3285

The xor transform applies xor decoding to a buffer, with a key
specified as an option in hexadecimal. Arbitrary key sizes are
accepted.
4 years ago
Jason Ish cda11b8d97 doc/update: mention change of default rule path 4 years ago
Jason Ish 8071d8239e doc: update rule section to current default
Update the rule section to better describe what's seen in a default
install of Suricata including a link to the rule management section.
4 years ago
Jeff Lucovsky 93842aa14a doc/yaml: Signal-termination option description 4 years ago
Juliana Fajardini 6ae80b2819 doc: replace ohloh with openhub link 4 years ago
Juliana Fajardini de0ce26e3f userguide: update references to Suricata website
Many places were still referencing the old Suricata page.
Used git grep with replace to update them. Checked that new links work.
Left old references when they were only documentation examples (for
output or unittests).

Task#4915
4 years ago
Juliana Fajardini 7b20488d4e userguide: fix low-hanging typos Config page 4 years ago
Odin Jenseg 2a5d79e426 doc/eve-json-format/dns: Describing Z-bit 4 years ago
Lukas Sismis dab3274263 dpdk: add documentation for the DPDK runmode
Briefly present the DPDK runmode through configuration file.
4 years ago
Lukas Sismis e4b5239202 doc: fix typo in "Stream engine" documentation 4 years ago
Philippe Antoine 27dd0c6b3d eve/ftp-data: log alert metadata in ftp-data object
Ticket: 4860

instead of directly in root
4 years ago
Juliana Fajardini 7c636d25c7 userguide: (nit) fix typo in lua-output page 4 years ago