
output/alert: rewrite code for app-layer properties #9034

Closed
catenacyber wants to merge 2 commits into OISF:master from catenacyber:output-alert-applayer-v7.2

Conversation

@catenacyber
Contributor

Link to redmine ticket:
None, preliminary work for https://redmine.openinfosecfoundation.org/issues/5053 and app-layer plugins
Part of #8961 with rebase

Describe changes:

  • Fix the setup-app-layer script so that it adds app-layer metadata to alerts

After that, the following is still left from #8961:

  • addition of protocols missing alert metadata (like krb5) + behavioral change for dns alert metadata
  • reusing these SimpleTxLogFunc from a JsonGenericLogger to remove many C files

Modifies #9005 by making the logger functions open the object, and by reusing the HTTP2 logger for file output.

Especially fix setup-app-layer script to not forget this part
@catenacyber force-pushed the output-alert-applayer-v7.2 branch from cc2b88a to ef8ef57 on June 16, 2023 10:53
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2
@suricata-qa

Information: QA ran without warnings.

Pipeline 14682

@suricata-qa

WARNING:

field                   baseline     test         %
SURI_TLPR1_stats_chk
.flow.memuse            521438120    576099552    110.48%

Pipeline 14718

@catenacyber marked this pull request as draft on June 20, 2023 15:30
@catenacyber
Contributor Author

Replaced by #9053
