Optimization #3304
open
generic way to register buffers for logging and detection
Added by Andreas Herz over 4 years ago.
Updated 6 months ago.
Description
Currently creating support for logging protocol fields and matching protocol fields are distinct steps during development.
Goal is to unify this so the protocol parser implementations simply register a buffer/field once.
Related issues
2 (2 open — 0 closed)
- Subject changed from Make sure output of protocol parsers and keywords are both supported to generic way to register buffers for logging and detection
- Description updated (diff)
- Parent task deleted (
#3288)
- Related to Task #3288: Suricon 2019 brainstorm added
As I see it, the main problem is that detection requires redmine ticket + suricata-verify test + documentation when logging does not
Idea about this : using magic rust derive that would parse a struct and see which fiels are annotated for logging and/or detection and create functions to log them or get the buffer/integer for detection
Also available in: Atom
PDF