Documentation #4658
openAdd/improve documentation for pcre substring capture logging
Description
Currently, if a user wants to log a matching string from a rule that uses `pcre`, there isn't much documentation to help them understand how can they do that.
Our documentation has:
https://suricata.readthedocs.io/en/suricata-6.0.3/rules/payload-keywords.html#pcre-perl-compatible-regular-expressions
And some `suricata-verify` tests could provide some examples:
https://github.com/OISF/suricata-verify/blob/master/tests/eve-metadata/test.rules
And others in the eve-matadata-* dirs.
But we could have all that better documented.
(image offers context from ad hoc support offered in our IRC chat)
Files
JI Updated by Jason Ish over 4 years ago
More documentation here as well: https://blog.inliniac.net/2016/12/20/suricata-bits-ints-and-vars/
JI Updated by Jason Ish over 3 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version changed from TBD to 7.0.0-rc1
Going to try to address this a.s.a.p.
VJ Updated by Victor Julien about 3 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
VJ Updated by Victor Julien about 3 years ago
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
JI Updated by Jason Ish over 1 year ago
- Assignee changed from Jason Ish to OISF Dev
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
VJ Updated by Victor Julien 10 months ago
- Target version changed from 8.0.0-rc1 to 8.0.0
PA Updated by Philippe Antoine 9 months ago
- Target version changed from 8.0.0 to 8.0.1
VJ Updated by Victor Julien 7 months ago
- Target version changed from 8.0.1 to 8.0.2
VJ Updated by Victor Julien 7 months ago
- Assignee changed from OISF Dev to Jeff Lucovsky
- Target version changed from 8.0.2 to 9.0.0-beta1
@Jeff Lucovsky do I remember correctly that you did some work in this area?