Actions
Optimization #3304
opengeneric way to register buffers for logging and detection
Description
Currently creating support for logging protocol fields and matching protocol fields are distinct steps during development.
Goal is to unify this so the protocol parser implementations simply register a buffer/field once.
Updated by Victor Julien over 5 years ago
- Subject changed from Make sure output of protocol parsers and keywords are both supported to generic way to register buffers for logging and detection
- Description updated (diff)
Updated by Victor Julien over 5 years ago
- Related to Task #3288: Suricon 2019 brainstorm added
Updated by Victor Julien over 4 years ago
- Related to Task #4101: tracking: plugins added
Updated by Philippe Antoine over 2 years ago
As I see it, the main problem is that detection requires redmine ticket + suricata-verify test + documentation when logging does not
Updated by Philippe Antoine over 1 year ago
Idea about this : using magic rust derive that would parse a struct and see which fiels are annotated for logging and/or detection and create functions to log them or get the buffer/integer for detection
Updated by Victor Julien 10 months ago
- Related to Feature #4099: app-layer: allow direct rule keyword registration added
Updated by Philippe Antoine 10 months ago
@Jason Ish was there not a duplicate ticket for this we talked about yesterday ?
Updated by Philippe Antoine 10 months ago
- Related to Feature #7095: rdp: keywords additions added
Actions