Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Output alert applayer v8.2 #9053

Closed
wants to merge 2 commits into from
Closed

Output alert applayer v8.2 #9053

wants to merge 2 commits into from

Conversation

catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Jun 20, 2023
edited
Loading

Link to redmine ticket:
None, preliminary work for https://redmine.openinfosecfoundation.org/issues/5053 and app-layer plugins
Part of #8961 with rebase
Actually there is https://redmine.openinfosecfoundation.org/issues/3827

Describe changes:

  • Fix setup-app-layer script so that it adds app-layer metadata to alerts

After that, there is still from #8961

  • addition of protocols missing alert metadata (like krb5) + behavioral change for dns alert metadata
  • reusing these SimpleTxLogFunc from a JsonGenericLogger to remove many C files

Modifies #9034 by rebasing on top of #9052 that fixes files output for HTTP2

OISF/suricata-verify#1262

SV_BRANCH=pr/1262

catenacyber and others added 2 commits June 20, 2023 17:25
@catenacyber
output/file: http2 metdata is logged in http object
0f74204 
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2

Ticket: OISF#6165
@catenacyber
output/alert: rewrite code for app-layer properties
0bd8486 
Especially fix setup-app-layer script to not forget this part
@catenacyber catenacyber mentioned this pull request Jun 20, 2023
Closed
@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPW2_autofp_stats_chk
.flow.spare 1962782 1861724 94.85%

Pipeline 14744

@codecov
Copy link

codecov bot commented Jun 20, 2023
edited
Loading

Codecov Report

Merging #9053 (0bd8486) into master (643e674) will decrease coverage by 3.73%.
The diff coverage is 96.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9053      +/-   ##
==========================================
- Coverage   82.32%   78.60%   -3.73%     
==========================================
  Files         969      969              
  Lines      273655   273325     -330     
==========================================
- Hits       225292   214850   -10442     
- Misses      48363    58475   +10112
Flag Coverage Δ
fuzzcorpus 64.55% <96.00%> (+0.02%) ⬆️
suricata-verify ?
unittests 62.94% <0.00%> (+0.04%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@catenacyber catenacyber marked this pull request as draft June 29, 2023 08:59
@catenacyber
Copy link
Contributor Author

Converting to draft to focus on first merging #9052

@catenacyber catenacyber mentioned this pull request Jul 7, 2023
Closed
@catenacyber
Copy link
Contributor Author

Replaced by #9182

@catenacyber catenacyber closed this Jul 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa