Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Output alert applayer v15 #9851

Merged
merged 4 commits into from
Nov 21, 2023
Merged

Output alert applayer v15 #9851

merged 4 commits into from
Nov 21, 2023

Conversation

catenacyber
Copy link
Contributor

Link to redmine tickets:
https://redmine.openinfosecfoundation.org/issues/3827
https://redmine.openinfosecfoundation.org/issues/5977
https://redmine.openinfosecfoundation.org/issues/6500
https://redmine.openinfosecfoundation.org/issues/6501
preliminary work for https://redmine.openinfosecfoundation.org/issues/5053 and app-layer plugins

Describe changes:

  • Fix setup-app-layer script so that it adds app-layer metadata to alerts
  • add krb5 metadata to alerts
  • add ftp metadata to alerts
  • add tftp metadata to alerts

After that, there is still to take from #9812

  • behavioral change for dns alert metadata
  • reusing these SimpleTxLogFunc from a JsonGenericLogger to remove many C files

#9839 rwith some renaming

SV_BRANCH=pr/1482

OISF/suricata-verify#1482

catenacyber and others added 4 commits November 20, 2023 21:53
@catenacyber
output/alert: rewrite code for app-layer properties
0b6b015 
Especially fix setup-app-layer script to not forget this part

This allows, for simple loggers, to have a unique definition
of the actual logging function with the jsonbuilder.
This way, alerts, files, and app-layer event can share the code
to output the same data.

Ticket: OISF#3827
@catenacyber
output/ftp: have ftp properties in alerts
3b1b163 
Ticket: 6500
@catenacyber
output/tftp: have tftp properties in alerts
8a09bff 
Ticket: 6501
@catenacyber
output/krb5: have krb5 properties in alerts
e38b9de 
Ticket: 5977
@catenacyber catenacyber mentioned this pull request Nov 20, 2023
Closed
@codecov Codecov
Copy link

codecov bot commented Nov 20, 2023

Codecov Report

Merging #9851 (e38b9de) into master (90c1765) will decrease coverage by 0.02%.
The diff coverage is 95.78%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9851      +/-   ##
==========================================
- Coverage   82.47%   82.45%   -0.02%     
==========================================
  Files         973      973              
  Lines      273962   273813     -149     
==========================================
- Hits       225944   225771     -173     
- Misses      48018    48042      +24
Flag Coverage Δ
fuzzcorpus 64.35% <95.78%> (-0.03%) ⬇️
suricata-verify 61.06% <94.73%> (-0.05%) ⬇️
unittests 62.91% <0.00%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPW2_autofp_stats_chk
.flow.spare 1962448 1841062 93.81%

Pipeline 16663

@victorjulien victorjulien added this to the 8.0 milestone Nov 21, 2023
@victorjulien victorjulien mentioned this pull request Nov 21, 2023
Merged
@victorjulien victorjulien merged commit e38b9de into OISF:master Nov 21, 2023
@victorjulien
Copy link
Member

Merged in #9853, thanks!

This was referenced Nov 21, 2023
Closed
Closed
Closed
This was referenced Apr 13, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien approved these changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
8.0
Development

Successfully merging this pull request may close these issues.
3 participants
@catenacyber @suricata-qa @victorjulien