Documentation #5494: userguide: update tls eve-log fields 'not_before' and 'not_after' - Suricata - Open Information Security Foundation

Actions

Documentation #5494

closed

userguide: update tls eve-log fields 'not_before' and 'not_after'

Added by Juliana Fajardini Reichow over 1 year ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Juliana Fajardini Reichow

Target version:

Affected Versions:

6.0.6, git master

Effort:

Difficulty:

Label:

Description

It was reported that our documentation mentioned the tls fields 'not_before' and 'not_after'
as possible custom fields for the tls events in our eve-log, whereas in fact the fields
themselves are written as 'notbefore' and 'notafter', which led to confusion for folks trying
to follow the documentation to parse our logs.

Our documentation: https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html#id10
Example check for our eve-log: https://github.com/OISF/suricata-verify/blob/master/tests/bug-2646-01/test.yaml#L20

Update our documentation to reflect what is seen in our logs.

Subtasks 3 (0 open — 3 closed)

Related issues 1 (1 open — 0 closed)

Actions

#1

Updated by Juliana Fajardini Reichow over 1 year ago

Subject changed from userguide: update tls eve-log field 'not_before' and 'not_after' to userguide: update tls eve-log fields 'not_before' and 'not_after'
Description updated (diff)

Actions

#2

Updated by Juliana Fajardini Reichow over 1 year ago

Affected Versions git master added

Actions

#3

Updated by Juliana Fajardini Reichow over 1 year ago

Target version changed from TBD to 7.0.0-rc2

Actions

#4

Updated by Philippe Antoine over 1 year ago

Maybe https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html should link to etc/schema.json

Actions

#5

Updated by Juliana Fajardini Reichow about 1 year ago

Something like that, or if we could add documentation to the schema itself? Would that work?

Actions

#6

Updated by Juliana Fajardini Reichow about 1 year ago

Label Needs backport added

Actions

#7

Updated by Victor Julien about 1 year ago

Target version changed from 7.0.0-rc2 to 8.0.0-beta1

Actions

#8

Updated by Juliana Fajardini Reichow 5 months ago

Label Needs backport to 6.0, Needs backport to 7.0 added

Actions

#9

Updated by Juliana Fajardini Reichow 5 months ago

Status changed from New to In Progress

Actions

#10

Updated by Juliana Fajardini Reichow 5 months ago

Related to Documentation #6288: eve/schema: generate tables of data for app-layer protocols added

Actions

#11

Updated by Juliana Fajardini Reichow 5 months ago

Status changed from In Progress to In Review

PR for review: https://github.com/OISF/suricata/pull/9814

Actions

#12

Updated by OISF Ticketbot 5 months ago

Subtask #6505 added

Actions

#13

Updated by OISF Ticketbot 5 months ago

Label deleted (~~Needs backport, Needs backport to 6.0, Needs backport to 7.0~~)

Actions

#14

Updated by Shivani Bhardwaj 5 months ago

Label Needs backport to 6.0, Needs backport to 7.0 added

Actions

#15

Updated by OISF Ticketbot 5 months ago

Subtask #6512 added

Actions

#16

Updated by OISF Ticketbot 5 months ago

Subtask #6513 added

Actions

#17

Updated by OISF Ticketbot 5 months ago

Label deleted (~~Needs backport to 6.0~~)

Actions

#18

Updated by OISF Ticketbot 5 months ago

Label deleted (~~Needs backport to 7.0~~)

Actions

#19

Updated by Juliana Fajardini Reichow 5 months ago

Status changed from In Review to Resolved

Merged PR: https://github.com/OISF/suricata/pull/9814

Actions

#20

Updated by Juliana Fajardini Reichow 3 months ago

Status changed from Resolved to Closed

Actions

Also available in: Atom PDF