Project

General

Profile

Actions
Copy link

Documentation #6096

open
JI PM

eve/app-layer: generate example eve-log for each protocol

Documentation #6096: eve/app-layer: generate example eve-log for each protocol

Added by Jason Ish almost 3 years ago. Updated 7 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Peter Manev
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Instead of hard-coding in output examples for each protocol, we should generate from Suricata-Verify.

A possible way to do this is:

- Tag SV tests in such a way as examples, also provide their protocol name. This could allow existing tests be used.
- Periodically a script is run that runs SV and gathers sample output from tests and copies distinct records into files in the userguide.
- The userguide can then include these files.

Ideally SV tests that are tagged as examples are as complete as possible, containing all documented fields, however this might not always be possible.
Also allow for more than one example per protocol, as often multiple examples are needed to see request and response, or different message types.

The pcaps should be samll, and added to the Suricata repo, so the example documentation can be generated without an external repo like suricata-verify.

Subtasks 2 (2 open0 closed)

Documentation #6097: eve/dhcp: generate example dhcp outputAssignedJason IshActions
Documentation #6098: eve/dns: generate example dns outputAssignedJason IshActions

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #1

  • Subtask #6097 added

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #2

  • Subtask #6098 added

JI Updated by Jason Ish almost 3 years ago Actions
Copy link
 #3

  • Subject changed from app-layer: generate example eve-log for each protocol to eve/app-layer: generate example eve-log for each protocol

JI Updated by Jason Ish about 1 year ago Actions
Copy link
 #4

  • Description updated (diff)

JI Updated by Jason Ish about 1 year ago Actions
Copy link
 #5

  • Target version changed from TBD to 8.0.0-rc1

VJ Updated by Victor Julien 11 months ago Actions
Copy link
 #6

  • Target version changed from 8.0.0-rc1 to 8.0.0

VJ Updated by Victor Julien 11 months ago Actions
Copy link
 #7

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Peter Manev

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #8

  • Target version changed from 8.0.0 to 8.0.1

PM Updated by Peter Manev 10 months ago Actions
Copy link
 #9

What we agreed with Jason as a first step is to add example logs, then provide corresponding public pcaps and as a third step automate the process to be done/generated per release.

VJ Updated by Victor Julien 8 months ago Actions
Copy link
 #10

  • Target version changed from 8.0.1 to 8.0.2

VJ Updated by Victor Julien 7 months ago Actions
Copy link
 #11

  • Target version changed from 8.0.2 to 9.0.0-beta1
Actions
Copy link

Also available in: PDF Atom