Actions
Optimization #3304
opengeneric way to register buffers for logging and detection
Description
Currently creating support for logging protocol fields and matching protocol fields are distinct steps during development.
Goal is to unify this so the protocol parser implementations simply register a buffer/field once.
Updated by Victor Julien about 5 years ago
- Subject changed from Make sure output of protocol parsers and keywords are both supported to generic way to register buffers for logging and detection
- Description updated (diff)
Updated by Victor Julien about 5 years ago
- Related to Task #3288: Suricon 2019 brainstorm added
Updated by Victor Julien about 4 years ago
- Related to Task #4101: tracking: plugins added
Updated by Philippe Antoine almost 2 years ago
As I see it, the main problem is that detection requires redmine ticket + suricata-verify test + documentation when logging does not
Updated by Philippe Antoine about 1 year ago
Idea about this : using magic rust derive that would parse a struct and see which fiels are annotated for logging and/or detection and create functions to log them or get the buffer/integer for detection
Updated by Victor Julien 6 months ago
- Related to Feature #4099: allow rule keyword registration from app-layer added
Updated by Philippe Antoine 6 months ago
@Jason Ish was there not a duplicate ticket for this we talked about yesterday ?
Updated by Philippe Antoine 6 months ago
- Related to Feature #7095: rdp: keywords additions added
Actions