Optimization #3304
open
generic way to register buffers for logging and detection
Description
Currently, creating support for logging protocol fields and for matching protocol fields are distinct steps during development.
The goal is to unify this so that the protocol parser implementations simply register a buffer/field once.
VJ Updated by Victor Julien over 6 years ago
- Subject changed from Make sure output of protocol parsers and keywords are both supported to generic way to register buffers for logging and detection
- Description updated (diff)
VJ Updated by Victor Julien over 6 years ago
- Parent task deleted (#3288)
VJ Updated by Victor Julien over 6 years ago
- Related to Task #3288: Suricon 2019 brainstorm added
VJ Updated by Victor Julien over 5 years ago
- Related to Task #4101: tracking: plugins added
PA Updated by Philippe Antoine over 3 years ago
As I see it, the main problem is that detection requires redmine ticket + suricata-verify test + documentation when logging does not
PA Updated by Philippe Antoine over 2 years ago
Idea about this: using a magic Rust derive that would parse a struct and see which fields are annotated for logging and/or detection and create functions to log them or get the buffer/integer for detection
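A sketch of the register-once idea from the comment above, as an added example that is not part of the ticket or of Suricata's code base. It assumes a declarative `macro_rules!` macro in place of a real derive, and the names `app_fields!`, `DemoTx`, `log_record` and `detect_buffer` are hypothetical.

```rust
// Hypothetical sketch: every name here is invented, none is a Suricata API.
// A declarative macro stands in for the derive (a real derive needs its own
// proc-macro crate). Each field is declared once with its two uses.
macro_rules! app_fields {
    ($name:ident { $( $field:ident : log = $log:literal, detect = $det:literal ),* $(,)? }) => {
        pub struct $name { $( pub $field: Vec<u8>, )* }
        impl $name {
            /// (name, printable value) pairs for the fields marked `log = true`.
            pub fn log_record(&self) -> Vec<(&'static str, String)> {
                let mut out = Vec::new();
                $( if $log && !self.$field.is_empty() {
                    let text = String::from_utf8_lossy(&self.$field).into_owned();
                    out.push((stringify!($field), text));
                } )*
                out
            }
            /// Raw bytes for a detection keyword; None unless `detect = true`.
            pub fn detect_buffer(&self, keyword: &str) -> Option<&[u8]> {
                $( if $det && keyword == stringify!($field) {
                    return Some(self.$field.as_slice());
                } )*
                None
            }
        }
    };
}

// Constructed transaction type: one declaration drives both code paths.
app_fields!(DemoTx {
    hostname: log = true,  detect = true,
    banner:   log = true,  detect = false,
    token:    log = false, detect = true,
});

/// Constructed sample data.
pub fn sample_tx() -> DemoTx {
    DemoTx {
        hostname: b"example.test".to_vec(),
        banner: b"demo/1.0".to_vec(),
        token: b"\x00\x01secret".to_vec(),
    }
}

fn main() {
    let tx = sample_tx();
    println!("log: {:?}", tx.log_record());
    println!("detect token: {:?}", tx.detect_buffer("token"));
}
```

A field marked `log = false, detect = true` (here `token`) stays matchable by rules without ever being written to the log output.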
VJ Updated by Victor Julien almost 2 years ago
- Related to Feature #4099: app-layer: allow direct rule keyword registration added
PA Updated by Philippe Antoine almost 2 years ago
@Jason Ish was there not a duplicate ticket for this we talked about yesterday?
PA Updated by Philippe Antoine almost 2 years ago
- Related to Feature #7095: rdp: keywords additions added