Project

General

Profile

Documentation #5494

Updated by Juliana Fajardini Reichow over 2 years ago

It was reported that our documentation mentioned the tls fields 'not_before' and 'not_after'  
 as possible custom fields for the tls events in our eve-log, whereas in fact the fields  
 themselves are written as 'notbefore' and 'notafter', which led to confusion for folks trying 
  to follow the documentation to parse our logs. 

 Our documentation: https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html#id10 
 Example check for our eve-log: https://github.com/OISF/suricata-verify/blob/master/tests/bug-2646-01/test.yaml#L20 

 Update our documentation to reflect what is seen in our logs.

Back