Commit Graph

54 Commits (suricata-8.0.0-rc1)

Author SHA1 Message Date
Lukas Sismis eb52e337da pcap-file: document capture method options 2 months ago
Jeff Lucovsky a3a3ad8968 doc/output: EVE output buffering related settings 5 months ago
Sascha Steinbiss 285cc29ec0 redis: add automatic trimming support for streams 9 months ago
Sascha Steinbiss d3d9f1c395 redis: implement XADD stream support
Ticket: #7082
9 months ago
Jason Ish cc519beb91 suricata.yaml: add missing custom tls fields
Also update the suricata.yaml in the userguide.
9 months ago
Juliana Fajardini d1d1c8cdac doc/conf/yaml: replace underscore with dashes
Use sed + regex to replace all occurrences of suricata.yaml terms that
used underscore for their up-to-date dash version.

Also search for such terms in the eve-log.yaml partials file, as that
is referenced in the configuration section.

commands used:

sed -i 's/\(^ *[a-z]*\)_\([a-z]*:\)/\1-\2/g'
sed -i 's/\(^ *[a-z]*\)_\([a-z]*\)_\([a-z]*:\)/\1-\2-\3/g'

Some other instances were found manually.

Task #7260
10 months ago
Jeff Lucovsky 8064847fc6 doc: Document reference config setting
Issue: 4974
10 months ago
Victor Julien 688bd538cf pcap: implement pcap-file-buffer-size option
Allows easy specification of buffer size on the commandline.

Ticket: #7155.
11 months ago
Philippe Antoine e0fd59a20d doc: state that payload-length includes the gaps 1 year ago
Sascha Steinbiss 53c62432c6 doc: update MQTT configuration 1 year ago
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts
Ticket: 7098
1 year ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 1 year ago
Juliana Fajardini bb59124063 yaml: unify 0 stats counter config option terms
When we added feature #5976 (72146b969), we overlooked that we also have
a config stats option for the human-readable stats logs to output
0 counters.
Due to not seeing this before, we now have two different setting names
for basically the same thing, but in different logs:
- zero-valued-counters for EVE
- null-values for stats.log

This ensures we use the same terminology, and change the recently added
one to `null-values`, as this one has been around for longer.

Task #6962
1 year ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose value is 0
Some stats can be quite verbose if logging all zero-valued counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
1 year ago
Victor Julien c0201d3212 doc/userguide: add reload-tenant(s) doc 2 years ago
Victor Julien 6ba0956a75 multi-tenant: allow reload w/o yaml path
Store yaml path in de ctx, for reloads w/o path.

This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
2 years ago
Victor Julien 0903536fd6 doc: spelling
Thanks to Josh Soref.
2 years ago
Victor Julien c0d9b3c078 doc/userguide: spelling 2 years ago
Jason Ish 1b844cd7f7 doc/userguide: document --include command line option 3 years ago
Richard McConnell b39a4c63fe doc: document AF_XDP feature 3 years ago
Jason Ish 0ea9ba66d1 userguide/eve-log: remove mentions of requiring Rust
Rust is required to build now.
3 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 3 years ago
jason taylor db5cf1f8f9 userguide: Add rule file globbing option details
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
frank honza ecdf9f6b0b ikev1: rename ikev2 to common ike
Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.
4 years ago
Jason Ish 4b9af8d2ce doc/userguide: document --disable-hashing 5 years ago
Victor Julien ca47d75c80 doc/userguide: explain --strict-rule-keywords 5 years ago
Jason Ish 3030a3da18 doc: provide eve 1 deprecation date 5 years ago
Jeff Lucovsky 6f9b7e052a doc/eve: Update threaded filename examples 5 years ago
Jason Ish f70e1f571e doc/userguide: add info about --set and lists 5 years ago
Jeff Lucovsky 06f41f608c doc: Improve grammar, spelling and clarifications
This commit improves the overall documentation's grammar and spelling, and
adds clarifications where needed.
5 years ago
James Dutrisac 8d5e54c046 pcap: recursively reading pcaps / documentation
Changes to doc/userguide/partials/options.rst for feature 2363
   (reading pcaps recursively)
5 years ago
Jeff Lucovsky a5d30a3220 doc/output: Document multithreaded eve option 5 years ago
Victor Julien 75727c05e0 doc/manpage: add --reject-dev option 5 years ago
Jeff Lucovsky 3385859176 doc/userguide: Update for dump-features 6 years ago
Daisu fccdb1c642 doc/commandline: -i option is useable several times 6 years ago
Jason Ish 9111b9df57 doc: cleanup engine logging
Attempt to clean up the engine logging a bit.

Also include a verbatim excerpt of the default configuration
here for reference purposes.
6 years ago
Jason Ish c97195bf0b doc: -v verbose option documentation update
Update -v documentation to reflect the new behaviour discussed
in bug #1851 where -v changes the log level to fixed levels
instead of an offset of the default log level configured
in suricata.yaml.
6 years ago
Jeff Lucovsky 17c3e22ecd doc/eve.alert: Expand metadata description 6 years ago
Jason Ish 9488002a0d doc: use describe instead of option for old Sphinx
Older versions of Sphinx will generate duplicate IDs when you have
options like:

.. option:: some-option

.. option:: some-other-option

The version of Sphinx provided on CentOS 7 has this issue, newer
versions of Sphinx do not.  As CentOS 7 is still a popular
distribution, change ".. option" to ".. describe" which has the
same visual output, but does not generate links.
6 years ago
Shivani Bhardwaj 4705314fd2 doc: Add manpages for suricatasc and suricatactl
Add the missing manpages and the corresponding Sphinx configuration
for the command line tools `suricatasc` and `suricatactl`.

Closes redmine ticket #884.
6 years ago
Jason Ish 75a018ead2 doc: remove autoconf replacement var for Rust
Set to yes as Rust is always enabled now.
6 years ago
Victor Julien 6fcd2db043 tile: remove files 7 years ago
Danny Browning 2dc6b6ee14 source-pcap-file: delete when done (2417)
https://redmine.openinfosecfoundation.org/issues/2417

Add option to have pcap files deleted after they have been processed.
This option combines well with pcap file continuous and streaming
files to a directory being processed.
7 years ago
Jason Ish fb85822730 dhcp: update user guide 7 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 7 years ago
Pierre Chifflier 6eb48e1e93 Add ikev2 to userguide 7 years ago
Giuseppe Longo fb66d45754 doc: introduce dns compact logging 7 years ago
Brandon Sterne a01a229b37 doc: use standard spelling of daemon 8 years ago
Jason Ish 74e036d09f doc: update eve/alert/metadata configuration 8 years ago
Martin Natano fe9cac5870 eve/alert: include rule text in alert output
For SIEM analysis it is often useful to refer to the actual rules to
find out why a specific alert has been triggered when the signature
message does not convey enough information.

Turn on the new rule flag to include the rule text in eve alert output.
The feature is turned off by default.

With a rule like this:

    alert dns $HOME_NET any -> 8.8.8.8 any (msg:"Google DNS server contacted"; sid:42;)

The eve alert output might look something like this (pretty-printed for
readability):

    {
      "timestamp": "2017-08-14T12:35:05.830812+0200",
      "flow_id": 1919856770919772,
      "in_iface": "eth0",
      "event_type": "alert",
      "src_ip": "10.20.30.40",
      "src_port": 50968,
      "dest_ip": "8.8.8.8",
      "dest_port": 53,
      "proto": "UDP",
      "alert": {
        "action": "allowed",
        "gid": 1,
        "signature_id": 42,
        "rev": 0,
        "signature": "Google DNS server contacted",
        "category": "",
        "severity": 3,
        "rule": "alert dns $HOME_NET any -> 8.8.8.8 any (msg:\"Google DNS server contacted\"; sid:43;)"
      },
      "app_proto": "dns",
      "flow": {
        "pkts_toserver": 1,
        "pkts_toclient": 0,
        "bytes_toserver": 81,
        "bytes_toclient": 0,
        "start": "2017-08-14T12:35:05.830812+0200"
      }
    }

Feature #2020
8 years ago