output/alert: rewrite code for app-layer properties#9768

Closed
catenacyber wants to merge 1 commit intoOISF:masterfrom
catenacyber:output-alert-applayer-v13

Conversation

@catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3827
preliminary work for https://redmine.openinfosecfoundation.org/issues/5053 and app-layer plugins
preliminary work for https://redmine.openinfosecfoundation.org/issues/5977 as well
Part of #8961

Describe changes:

  • Fix setup-app-layer script so that it adds app-layer metadata to alerts

After that, the following remains from #8961:

  • addition of protocols missing alert metadata (like krb5) + behavioral change for dns alert metadata
  • reusing these SimpleTxLogFunc from a JsonGenericLogger to remove many C files

#9511 with rebase and enhanced commit message

Especially fix setup-app-layer script to not forget this part

This allows, for simple loggers, to have a unique definition
of the actual logging function with the jsonbuilder.
This way, alerts, files, and app-layer event can share the code
to output the same data.

Ticket: OISF#3827
@codecov

codecov bot commented Nov 10, 2023

Codecov Report

Merging #9768 (c2693d4) into master (46a46e5) will decrease coverage by 0.09%.
The diff coverage is 96.47%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #9768      +/-   ##
==========================================
- Coverage   82.39%   82.31%   -0.09%     
==========================================
  Files         968      968              
  Lines      273871   273727     -144     
==========================================
- Hits       225653   225315     -338     
- Misses      48218    48412     +194     
Flag Coverage Δ
fuzzcorpus 64.14% <96.47%> (-0.15%) ⬇️
suricata-verify 60.98% <95.29%> (-0.01%) ⬇️
unittests 62.97% <0.00%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa

Information: QA ran without warnings.

Pipeline 16441

@jasonish
Member

  • addition of protocols missing alert metadata (like krb5) + behavioral change for dns alert metadata

Is there a ticket for this? I'm also working on a fix for DNS metadata in alerts: https://redmine.openinfosecfoundation.org/issues/6281

@catenacyber
Contributor Author

Is there a ticket for this? I'm also working on a fix for DNS metadata in alerts: https://redmine.openinfosecfoundation.org/issues/6281

https://redmine.openinfosecfoundation.org/issues/5977 for krb5, and there are others for other protocols.

@catenacyber
Contributor Author

Continued in #9839
