Output alert applayer v4#8893

Closed
catenacyber wants to merge 28 commits into OISF:master from catenacyber:output-alert-applayer-v4

Conversation

catenacyber (Contributor) commented May 17, 2023

Link to redmine ticket:
None, preliminary work for https://redmine.openinfosecfoundation.org/issues/5053 and app-layer plugins
Continuation of #8772

Describe changes:

  • Fix setup-app-layer script so that it adds app-layer metadata to alerts
  • Adds ftp metadata to alerts
  • Adds tftp metadata to alerts
  • Adds krb5 metadata to alerts
  • Removes tx_id from ssh and http2 logging

Continues #8884 by removing tx_id from ssh and http2 logging

SV_BRANCH=pr/1196

OISF/suricata-verify#1196

Still to do:

  • Create tickets for missing protocols: pgsql, dcerpc, dhcp,
  • Any ideas about the commit segmentation?

Especially fix setup-app-layer script to not forget this part
and used by bittorrent
And fix setup app layer script up for it
suricata-qa commented

Information: QA ran without warnings.

Pipeline 13820

codecov bot commented May 18, 2023

Codecov Report

Merging #8893 (d544917) into master (3247e39) will decrease coverage by 3.56%.
The diff coverage is 84.24%.

@@            Coverage Diff             @@
##           master    #8893      +/-   ##
==========================================
- Coverage   82.30%   78.74%   -3.56%     
==========================================
  Files         969      957      -12     
  Lines      273335   272587     -748     
==========================================
- Hits       224960   214654   -10306     
- Misses      48375    57933    +9558     

Flag              Coverage   Diff coverage   Δ
fuzzcorpus        64.73%     84.24%          +0.14% ⬆️
suricata-verify   ?          ?               ?
unittests         63.07%     24.84%          +0.12% ⬆️

Flags with carried forward coverage won't be shown.

catenacyber (Contributor, Author) commented

Well the change for ssh from LOG_DIR_FLOW to LOG_DIR_PACKET seems to imply changes

catenacyber (Contributor, Author) commented

Replaced by #8922
