Documentation #6096
openeve/app-layer: generate example eve-log for each protocol
Description
Instead of hard-coding in output examples for each protocol, we should generate from Suricata-Verify.
A possible way to do this is:
- Tag SV tests in such a way as examples, also provide their protocol name. This could allow existing tests be used.
- Periodically a script is run that runs SV and gathers sample output from tests and copies distinct records into files in the userguide.
- The userguide can then include these files.
Ideally SV tests that are tagged as examples are as complete as possible, containing all documented fields, however this might not always be possible.
Also allow for more than one example per protocol, as often multiple examples are needed to see request and response, or different message types.
The pcaps should be samll, and added to the Suricata repo, so the example documentation can be generated without an external repo like suricata-verify.
Updated by Jason Ish about 2 years ago
- Subject changed from app-layer: generate example eve-log for each protocol to eve/app-layer: generate example eve-log for each protocol
Updated by Victor Julien about 2 months ago
- Target version changed from 8.0.0-rc1 to 8.0.0
Updated by Victor Julien about 1 month ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Peter Manev
Updated by Peter Manev 9 days ago
What we agreed with Jason as a first step is to add example logs, then provide corresponding public pcaps and as a third step automate the process to be done/generated per release.