Documentation #4658
[open] Add/improve documentation for pcre substring capture logging
Description
Currently, if a user wants to log a matching string from a rule that uses `pcre`, there isn't much documentation to help them understand how they can do that.
Our documentation has:
https://suricata.readthedocs.io/en/suricata-6.0.3/rules/payload-keywords.html#pcre-perl-compatible-regular-expressions
And some `suricata-verify` tests could provide some examples:
https://github.com/OISF/suricata-verify/blob/master/tests/eve-metadata/test.rules
And others in the eve-metadata-* dirs.
But we could have all that better documented.
(image offers context from ad hoc support offered in our IRC chat)
Updated by Jason Ish about 3 years ago
More documentation here as well: https://blog.inliniac.net/2016/12/20/suricata-bits-ints-and-vars/
Updated by Jason Ish almost 2 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version changed from TBD to 7.0.0-rc1
Going to try to address this a.s.a.p.
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1