Project

General

Profile

Actions

Documentation #5494

open

userguide: update tls eve-log fields 'not_before' and 'not_after'

Added by Juliana Fajardini Reichow 10 months ago. Updated 4 months ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport

Description

It was reported that our documentation mentioned the tls fields 'not_before' and 'not_after'
as possible custom fields for the tls events in our eve-log, whereas in fact the fields
themselves are written as 'notbefore' and 'notafter', which led to confusion for folks trying
to follow the documentation to parse our logs.

Our documentation: https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html#id10
Example check for our eve-log: https://github.com/OISF/suricata-verify/blob/master/tests/bug-2646-01/test.yaml#L20

Update our documentation to reflect what is seen in our logs.

Actions #1

Updated by Juliana Fajardini Reichow 10 months ago

  • Subject changed from userguide: update tls eve-log field 'not_before' and 'not_after' to userguide: update tls eve-log fields 'not_before' and 'not_after'
  • Description updated (diff)
Actions #2

Updated by Juliana Fajardini Reichow 10 months ago

  • Affected Versions git master added
Actions #3

Updated by Juliana Fajardini Reichow 6 months ago

  • Target version changed from TBD to 7.0.0-rc2
Actions #5

Updated by Juliana Fajardini Reichow 4 months ago

Something like that, or if we could add documentation to the schema itself? Would that work?

Actions #6

Updated by Juliana Fajardini Reichow 4 months ago

  • Label Needs backport added
Actions #7

Updated by Victor Julien 4 months ago

  • Target version changed from 7.0.0-rc2 to 8.0.0-beta1
Actions

Also available in: Atom PDF