202 Commits (e91473b1519c4b69f4b36ac2345cdbd26d2b084b)

Author SHA1 Message Date
Eric Leblond a3f07ec02e doc: document drop-invalid option. 9 years ago
Eric Leblond e933eb849a doc: document filestore update 9 years ago
Andreas Herz bf1a8d08da doc: rephrase nocase placement explanation 9 years ago
Victor Julien 71c6df1655 lua: add SCFlowId for getting the flow id 9 years ago
Victor Julien 4697330b73 doc: flowints formatting cleanup 9 years ago
Victor Julien 0af562d4c8 doc: move parts out of snort difference doc
Move generic keyword descriptions to the keyword documentation.
9 years ago
David Wharton a8d0ae460c doc: removing (replaced) snort-compatibility.rst
snort-compatibility.rst replaced by differences-from-snort.rst
9 years ago
David Wharton 8a53d49e81 doc: replacing snort-compatibility link
The snort-compatibility.rst document is being replaced by
differences-from-snort.rst. This commit updates the link.
9 years ago
David Wharton 6bc7c64794 doc: overhaul of the snort-compatibility document
This is intended to replace the existing 'snort-compatibility.rst'
document.
Based on "The Suricata Rule Writing Guide for The Snort Expert"
2016 SuriCon talk.
9 years ago
Victor Julien f6e3755b5c lua: extend SCFlowAppLayerProto
Change SCFlowAppLayerProto to return 5 values:
<alproto> <alproto_ts> <alproto_tc> <alproto_orig> <alproto_expect>:

alproto: detected protocol
alproto_ts: detected protocol in toserver direction
alproto_tc: detected protocol in toclient direction
alproto_orig: pre-change/upgrade protocol
alproto_expected: expected protocol in change/upgrade

Orig and expect are used when changing and upgrading protocols. In an
SMTP STARTTLS case, orig would normally be set to "smtp" and expect
to "tls".
9 years ago
Victor Julien 79389558ac doc: update for stream changes 9 years ago
Victor Julien 245a89b7e7 doc: http keywords update 9 years ago
Ray Ruvinskiy 7539973109 tls: logging for session resumption
We assume session resumption has occurred if the Client Hello message
included a session id, we have not seen the server certificate, but
we have seen a Change Cipher Spec message from the server.

Previously, these transactions were not logged at all because the
server cert was never seen.

Ticket: https://redmine.openinfosecfoundation.org/issues/1969
9 years ago
fooinha 36667ab8a1 doc: async mode for redis eve output
async: true ## if redis replies are read asynchronously
9 years ago
psanders240 1223de4208 doc: Napatech docs improvement
Fix errors and simplify filters.
9 years ago
Victor Julien aca27ff383 doc: expand on bpf 9 years ago
Mats Klepsland 8b9f84bff2 doc: add documentation for date modifiers in eve-log 9 years ago
Mats Klepsland 37a12fe799 doc: add documentation for eve-log file rotation 9 years ago
fooinha 20d4d40051 log: tls custom format log 9 years ago
Mats Klepsland 7b1dae6251 doc: add documentation for Lua SCFlowTimestamps 9 years ago
Mats Klepsland 3b23387664 doc: add documentation for eve-log file permissions 9 years ago
Jon Zeolla ce8a65a58e docs: fix statement about flow:to_server 9 years ago
Jon Zeolla 1589a15495 docs: clarify how iprep works 9 years ago
Mats Klepsland 285b566205 doc: add documentation for TlsGetCertSerial Lua function 9 years ago
Mats Klepsland ee9f822b8e doc: add documentation for tls_cert_serial keyword 9 years ago
David Wharton 1bf7ded224 doc: specify buffers that can be used for fast_pattern
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
9 years ago
David Wharton b1ad770b36 doc: removed references to older Suricata versions
docs are versioned; references to older Suricata versions undesired.
9 years ago
Mats Klepsland e91bb09c91 doc: add documentation for TLS eve-log 9 years ago
Jason Ish 89ba5816dc doc: update unified2 section
Remove documentation on older unified formats that have
been removed.
9 years ago
Mats Klepsland 6a382259f8 doc: documentation for custom JSON flags in eve-log 9 years ago
Victor Julien c477c4370e doc: update for unix socket hostbits 9 years ago
Victor Julien 71607c905a doc: update unix socket 9 years ago
Eric Leblond c357dafed9 doc: document the tls_sni keyword 9 years ago
Mats Klepsland edbb035160 doc: add documentation for Lua SCFlowHasAlerts 9 years ago
Victor Julien a2d31b5e04 doc: napatech formatting fixes 9 years ago
Victor Julien b7b9b5b682 doc: add napatech to userguide 9 years ago
Peter Sanders 28c1516be7 doc: initial Napatech documentation 9 years ago
Victor Julien bc38cd5932 doc: initial xbits documentation 9 years ago
Victor Julien 41074a87a0 doc: DNP3 support is now available 9 years ago
Jason Ish 0c6c9784a2 doc: document that ;, \, " need to be escaped in rules 9 years ago
Victor Julien 3012edae1c luajit: update default yaml and doc for 'states' 9 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 9 years ago
Jason Ish ee16b86900 doc: fix build pdf on non gnu make platforms
The Makefile generated by sphinx-build is GNU Make specific
causing the PDF phase to fail. Instead call pdflatex directly
based on how the generated Makefile was doing it.
9 years ago
Victor Julien 1aa70fb39e doc: add rate_filter 9 years ago
Jason Ish 1a724ba851 doc: flow: update and add new keywords 9 years ago
Victor Julien 56ffba9fd8 doc: initial app-layer keywords
Document app-layer-protocol and make a start with app-layer-event.
9 years ago
Victor Julien c6134e007e doc: app-layer tls including no-reassemble 9 years ago
Nicolas Thill 3750c15632 doc: add SCPacketTimestamp Lua function
Signed-off-by: Nicolas Thill <ntl@p1sec.com>
9 years ago
Victor Julien 4126fd82a0 doc: small eve update: add dns 9 years ago
Victor Julien e3b2d95100 doc: add recent tls keywords 9 years ago