Documentation #5494
Closed
userguide: update tls eve-log fields 'not_before' and 'not_after'
Description
It was reported that our documentation mentioned the tls fields 'not_before' and 'not_after'
as possible custom fields for the tls events in our eve-log, whereas in fact the fields
themselves are written as 'notbefore' and 'notafter', which led to confusion for folks trying
to follow the documentation to parse our logs.
Our documentation: https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html#id10
Example check for our eve-log: https://github.com/OISF/suricata-verify/blob/master/tests/bug-2646-01/test.yaml#L20
Update our documentation to reflect what is seen in our logs.
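The mismatch described above, seen from a log consumer's side. This is an added example, not code from the Suricata project: the sample events are constructed, and the two timestamp formats are assumptions. It counts how many tls events carry each spelling, then classifies certificate validity using the keys the description says are actually written.

```python
import json
from datetime import datetime, timezone

# Constructed sample eve.json lines (not captured from a real sensor).
SAMPLE_EVE = """\
{"timestamp":"2023-06-01T12:00:00.000000+0000","event_type":"tls","src_ip":"10.0.0.5","tls":{"sni":"expired.example","notbefore":"2020-01-01T00:00:00","notafter":"2021-01-01T00:00:00"}}
{"timestamp":"2023-06-01T12:00:01.000000+0000","event_type":"tls","src_ip":"10.0.0.6","tls":{"sni":"ok.example","notbefore":"2023-01-01T00:00:00","notafter":"2024-01-01T00:00:00"}}
{"timestamp":"2023-06-01T12:00:02.000000+0000","event_type":"tls","src_ip":"10.0.0.7","tls":{"sni":"resumed.example","session_resumed":true}}
{"timestamp":"2023-06-01T12:00:03.000000+0000","event_type":"dns","src_ip":"10.0.0.5"}
"""

CERT_FMT = "%Y-%m-%dT%H:%M:%S"      # assumed certificate date format, treated as UTC
EVE_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # assumed event timestamp format

def tls_events(lines):
    """Yield (event, tls object) for every tls event in an iterable of JSON lines."""
    for line in lines:
        if line.strip():
            event = json.loads(line)
            if event.get("event_type") == "tls":
                yield event, event.get("tls", {})

def fields_present(lines, names):
    """Count tls events that carry every key in names."""
    return sum(all(n in tls for n in names) for _, tls in tls_events(lines))

def audit(lines):
    """Classify each tls event by certificate validity at the time it was seen."""
    findings = []
    for event, tls in tls_events(lines):
        try:
            nb, na = (datetime.strptime(tls[k], CERT_FMT).replace(tzinfo=timezone.utc)
                      for k in ("notbefore", "notafter"))  # spellings written to the log
        except KeyError:
            # Validity fields absent from this event: report it instead of skipping silently.
            findings.append((tls.get("sni"), "no-validity-fields"))
            continue
        seen = datetime.strptime(event["timestamp"], EVE_FMT)
        status = "not-yet-valid" if seen < nb else "expired" if seen > na else "valid"
        findings.append((tls.get("sni"), status))
    return findings

if __name__ == "__main__":
    sample = SAMPLE_EVE.splitlines()
    print("with not_before/not_after:", fields_present(sample, ("not_before", "not_after")))
    print("with notbefore/notafter:  ", fields_present(sample, ("notbefore", "notafter")))
    for sni, status in audit(sample):
        print(sni, status)
```

A parser keyed on the underscore spellings matches no event in the sample, which is the silent failure the ticket describes.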
Updated by Juliana Fajardini Reichow over 3 years ago
- Subject changed from userguide: update tls eve-log field 'not_before' and 'not_after' to userguide: update tls eve-log fields 'not_before' and 'not_after'
- Description updated (diff)
Updated by Juliana Fajardini Reichow over 3 years ago
- Affected Versions git main added
Updated by Juliana Fajardini Reichow over 3 years ago
- Target version changed from TBD to 7.0.0-rc2
Updated by Philippe Antoine over 3 years ago
Maybe https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html should link to etc/schema.json
Updated by Juliana Fajardini Reichow about 3 years ago
Something like that, or if we could add documentation to the schema itself? Would that work?
Updated by Juliana Fajardini Reichow about 3 years ago
- Label Needs backport added
Updated by Victor Julien about 3 years ago
- Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Updated by Juliana Fajardini Reichow over 2 years ago
- Label Needs backport to 6.0, Needs backport to 7.0 added
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow over 2 years ago
- Related to Documentation #6288: eve/schema: generate tables of data for app-layer protocols added
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/9814
Updated by OISF Ticketbot over 2 years ago
- Subtask #6505 added
Updated by OISF Ticketbot over 2 years ago
- Label deleted (Needs backport, Needs backport to 6.0, Needs backport to 7.0)
Updated by Shivani Bhardwaj over 2 years ago
- Label Needs backport to 6.0, Needs backport to 7.0 added
Updated by OISF Ticketbot over 2 years ago
- Subtask #6512 added
Updated by OISF Ticketbot over 2 years ago
- Subtask #6513 added
Updated by OISF Ticketbot over 2 years ago
- Label deleted (Needs backport to 6.0)
Updated by OISF Ticketbot over 2 years ago
- Label deleted (Needs backport to 7.0)
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from In Review to Resolved
Merged PR: https://github.com/OISF/suricata/pull/9814
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from Resolved to Closed