Feature #1007: united output - Suricata - Open Information Security Foundation

Actions

Feature #1007

closed

VJ TD

united output

Feature #1007: united output

Added by Victor Julien over 12 years ago. Updated about 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

Unified output for all events and alerts into a single "stream", where the stream can be a file, socket, etc.

Files

enhanced-alerting.rst (2.83 KB) enhanced-alerting.rst

RFC sent to ML

Eric Leblond, 10/25/2013 05:56 AM

Subtasks 2 (0 open — 2 closed)

EL Updated by Eric Leblond over 12 years ago Actions
Copy link
#1

The logging format can be JSON. It should contains all the information available and be extensible:

Output all key values possible
- base64 encode binary
- examples
  - all http keywords
  - stream chunk
  - packet
- Extensibility
  - rule can set key:value
  - luajit export value
  - output matched string in alert
    - optional
    - only if significative value

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#2

Status changed from New to Assigned
Assignee set to Tom DeCanio
Target version set to 2.0rc2

EL Updated by Eric Leblond over 12 years ago Actions
Copy link
#3

File enhanced-alerting.rst enhanced-alerting.rst added

Attached file is proposal.

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#4

Target version changed from 2.0rc2 to 2.0beta2

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#5

Target version changed from 2.0beta2 to 2.0rc1

VJ Updated by Victor Julien about 12 years ago Actions
Copy link
#6

Status changed from Assigned to Closed

Merged through https://github.com/inliniac/suricata/pull/807

Actions

Also available in: PDF Atom