Documentation #2699
closeddocument all eve record types and fields
Description
For each document type, document fields and their types. Add examples.
It's probably best to add specific tickets for each of the record types.
Files
Updated by Victor Julien over 6 years ago
- Assignee set to Robert Haist
- Target version set to TBD
Updated by Victor Julien over 6 years ago
- Related to Task #2685: SuriCon 2018 brainstorm added
Updated by Victor Julien over 6 years ago
- Related to Documentation #2620: userguide: document tagged_packets / event_type packet added
Updated by Robert Haist over 6 years ago
- Effort set to medium
Working on it over at Github: https://github.com/rhaist/suricata-json-schema
Will probably take some time until we have a fully reproducible build but you can expect a preview soon.
Updated by Victor Julien over 6 years ago
Maybe I'm misunderstanding the purpose of the schema, but the goal of this ticket is to get the userguide updated so that all missing EVE fields are documented.
The JSON schema ticket is #1369
Updated by Jason Ish about 6 years ago
Victor Julien wrote:
Maybe I'm misunderstanding the purpose of the schema, but the goal of this ticket is to get the userguide updated so that all missing EVE fields are documented.
The JSON schema ticket is #1369
I think the 2 are tightly related.
I had started to look at this again, more about how it should look to the end user. I played with using tables in Sphinx, but I don't find that scales well, especially if you want to reformat. When I jumped back to my JSON schema stuff, it is kind of ugly and I'm not sure if it can be used to generate suitable doc for the userguide. So my last attempt is just some custom YAML that I thought I might generate into Sphinx tables. Still not sure if that is a good idea though, given that JSON schema exists.
Ideally there should be one source of truth. If we still feel that JSON schema is suitable for QA testing, maybe that should be it. We could probably do some intermediate processing of it, and perhaps adding extra fields to provide context in end-user doc. By context I mean stuff like: "vlan - only present when the alerting packet has a vlan header".
Updated by Andreas Herz almost 6 years ago
- Assignee changed from Robert Haist to Sascha Steinbiss
Updated by Andreas Herz almost 6 years ago
- Tracker changed from Feature to Documentation
Updated by Philippe Antoine over 2 years ago
@Sascha Steinbiss is this done through the json schema ?
Updated by Sascha Steinbiss over 2 years ago
Good question. The generic documentation (as in: RTD pages) is not there yet, but from my point of view the JSON schema is OK. (Is etc/schema.json based on our 2019 stuff BTW or separately generated?)
Updated by Philippe Antoine over 2 years ago
Good question. The generic documentation (as in: RTD pages) is not there yet, but from my point of view the JSON schema is OK. (Is
etc/schema.jsonbased on our 2019 stuff BTW or separately generated?)
I do not know your 2019 stuff.etc/schema.json was generated with combining the outputs of suricata-verify tests (and then manual additions over time)
Updated by Philippe Antoine over 2 years ago
- Related to Documentation #5359: userguide: improve documentation on (main) EVE fields added
Updated by Jason Ish over 2 years ago
I've been working on a script to generate output from the schema.. Rough example here: https://gist.github.com/jasonish/fc04da8a5586954f78e1857fe3ae0203.
I'm thinking the next step would be a rather simple, but large `.rst` rendering as an appending in the docs with predictable anchors so one can link to the relevant section by protocol name, etc.
Updated by Philippe Antoine over 1 year ago
- Related to Documentation #6071: eve/schema: add descriptions to the schema added
Updated by Philippe Antoine over 1 year ago
@Jason Ish is this a duplicate of https://redmine.openinfosecfoundation.org/issues/6071 ?
Updated by Sascha Steinbiss over 1 year ago
- File sphinx1.png sphinx1.png added
- File sphinx2.png sphinx2.png added
My feeling is BTW that the stuff we did for Suricon 2019 is probably obsolete:
- There now is an official JSON schema maintained by the project itself, which is also used in tests to ensure it stays up-to-date. Much better than trying to establish one from the outside :)
- Our hacky documentation generation script indeed creates a tree of Sphinx documentation for RTD (see attachments), but it's pretty closely tied to our project and its result tree structure. Also, I'm not sure about predictable anchors; our script creates individual pages (https://github.com/satta/suricata-json-schema/blob/master/schematize.py).
Do we even want to keep this open?
Updated by Sascha Steinbiss about 1 year ago
- Status changed from Assigned to Closed
I am closing this now since I agree that the JSON schema that is already being maintained addresses the initial task of enumerating the fields and https://redmine.openinfosecfoundation.org/issues/6071 already tracks the documentation.