https://redmine.openinfosecfoundation.org/ https://redmine.openinfosecfoundation.org/favicon.ico?1701117002 2020-04-13T15:54:44Z Open Information Security Foundation
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=16027 2020-04-13T15:54:44Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Low</i></li><li><strong>Target version</strong> set to <i>6.0.0beta1</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=16029 2020-04-13T15:55:08Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-2 priority-4 priority-default" href="/issues/1993">Feature #1993</a>: commandline: introduce --enable-all-outputs switch</i> added</li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=16030 2020-04-13T15:55:15Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Subject</strong> changed from <i>eve: optiont to enable all outputs</i> to <i>eve: option to enable all outputs</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=16479 2020-05-25T15:27:08Z Victor Julien victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>6.0.0beta1</i> to <i>7.0.0-beta1</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=19928 2021-05-10T10:57:25Z Victor Julien victor@inliniac.net
<ul><li><strong>Assignee</strong> set to <i>Juliana Fajardini Reichow</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20138 2021-06-18T12:23:42Z Juliana Fajardini Reichow
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li></ul><p>Hi,</p>
<p>my interpretation is that this issue is to address the yaml file option, since the related issue would already address cmdline alternative. Is that correct?</p>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20294 2021-07-02T14:25:51Z Jason Ish jason.ish@oisf.net
<ul></ul><p>Juliana Fajardini Reichow wrote in <a href="#note-6">#note-6</a>:</p>
<blockquote>
<p>Hi,</p>
<p>my interpretation is that this issue is to address the yaml file option, since the related issue would already address cmdline alternative. Is that correct?</p>
</blockquote>
<p>That's correct. The end result would be the same I think, just where it's set. The command line option is the most useful for now I think.</p>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20951 2021-10-13T15:03:08Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Subject</strong> changed from <i>eve: option to enable all outputs</i> to <i>eve: configuration options to enable all, none or just a default set of outputs</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20952 2021-10-13T15:28:36Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/20952/diff?detail_id=21582">diff</a>)</li><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Assigned</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20953 2021-10-13T16:12:49Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/20953/diff?detail_id=21584">diff</a>)</li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20954 2021-10-13T16:13:21Z Jason Ish jason.ish@oisf.net
<ul></ul><p>Updated the description to discuss more about the problem and possible solutions.</p>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20956 2021-10-13T19:40:13Z Jeff Lucovsky
<ul></ul><p>In the use case from the description, is the assumption being made that the configuration file from the older Suricata deployment will be maintained?</p>
<p>Each new release, with potentially new protocols to log, would by definition already have those protocols listed under <code>types:</code>.</p>
<p>If<br /><pre>
types:
- defaults
</pre><br />is meant to help with updated Suricata versions, but not Suricata config files, I think this could work.</p>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=20957 2021-10-13T20:19:46Z Jason Ish jason.ish@oisf.net
<ul></ul><p>Jeff Lucovsky wrote in <a href="#note-12">#note-12</a>:</p>
<blockquote>
<p>In the use case from the description, is the assumption being made that the configuration file from the older Suricata deployment will be maintained?</p>
</blockquote>
<p>No real assumptions. We just know that some upgrades occur without a proper conversion of the configuration file as we do our best to keep old configurations working, but this does mean that new protocols that are logged by default in, say, 7.0 will never be enabled for the "lazy" upgrade path from 6.0. However, the protocol decoder is enabled in this "lazy" upgrade path.</p>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=24158 2022-08-01T16:43:50Z Victor Julien victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>7.0.0-beta1</i> to <i>8.0.0-beta1</i></li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=26735 2023-02-02T19:52:54Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-4 status-2 priority-4 priority-default" href="/issues/2321">Optimization #2321</a>: yaml: clean up usage of lists</i> added</li></ul>
Suricata - Feature #3636: eve: configuration options to enable all, none or just a default set of outputs https://redmine.openinfosecfoundation.org/issues/3636?journal_id=31592 2023-12-14T14:56:45Z Victor Julien victor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-8 priority-4 priority-default child" href="/issues/4782">Feature #4782</a>: config: add command to dump all active settings</i> added</li></ul>