Optimization #3304: generic way to register buffers for logging and detection - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #3304

open

generic way to register buffers for logging and detection

Added by Andreas Herz over 3 years ago. Updated 5 months ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Currently creating support for logging protocol fields and matching protocol fields are distinct steps during development.

Goal is to unify this so the protocol parser implementations simply register a buffer/field once.

Related issues 2 (2 open — 0 closed)

Actions

Copy link

Updated by Victor Julien over 3 years ago

Subject changed from Make sure output of protocol parsers and keywords are both supported to generic way to register buffers for logging and detection
Description updated (diff)

Actions

Copy link

Updated by Victor Julien over 3 years ago

Parent task deleted (~~#3288~~)

Actions

Copy link

Updated by Victor Julien over 3 years ago

Related to Task #3288: Suricon 2019 brainstorm added

Actions

Copy link

Updated by Victor Julien over 2 years ago

Related to Task #4101: tracking: plugins added

Actions

Copy link

Updated by Philippe Antoine 5 months ago

As I see it, the main problem is that detection requires redmine ticket + suricata-verify test + documentation when logging does not

Actions

Copy link

Also available in: Atom PDF

	Related to Task #3288: Suricon 2019 brainstorm	Assigned	Victor Julien				Actions
	Related to Task #4101: tracking: plugins	In Progress	Jason Ish				Actions

Project

General

Profile

Suricata

Custom queries