
Output alert applayer v13.1 #9797

Closed
catenacyber wants to merge 4 commits into OISF:master from catenacyber:output-alert-applayer-v13.1


Conversation

@catenacyber
Contributor

Link to redmine tickets:
https://redmine.openinfosecfoundation.org/issues/3827
https://redmine.openinfosecfoundation.org/issues/5977
https://redmine.openinfosecfoundation.org/issues/6500
https://redmine.openinfosecfoundation.org/issues/6501
preliminary work for https://redmine.openinfosecfoundation.org/issues/5053 and app-layer plugins

Describe changes:

  • Fix setup-app-layer script so that it adds app-layer metadata to alerts
  • add krb5 metadata to alerts
  • add ftp metadata to alerts
  • add tftp metadata to alerts

After that, the following still remains to be taken from #8961:

  • behavioral change for dns alert metadata
  • reusing these SimpleTxLogFunc from a JsonGenericLogger to remove many C files

#9768 with more commits introducing behavioral changes

SV_BRANCH=pr/1465

OISF/suricata-verify#1465

catenacyber and others added 4 commits November 16, 2023 10:01
Especially fix setup-app-layer script to not forget this part

This allows, for simple loggers, to have a unique definition
of the actual logging function with the jsonbuilder.
This way, alerts, files, and app-layer event can share the code
to output the same data.

Ticket: OISF#3827
@catenacyber
Contributor Author

cc @jasonish

@codecov

codecov Bot commented Nov 16, 2023

Codecov Report

Merging #9797 (5a0f41b) into master (6bb882c) will decrease coverage by 0.10%.
Report is 1 commit behind head on master.
The diff coverage is 95.78%.

@@            Coverage Diff             @@
##           master    #9797      +/-   ##
==========================================
- Coverage   82.45%   82.36%   -0.10%     
==========================================
  Files         968      968              
  Lines      273866   273717     -149     
==========================================
- Hits       225825   225454     -371     
- Misses      48041    48263     +222     
Flag              Coverage  Δ
fuzzcorpus        64.19%    <95.78%> (-0.27%) ⬇️
suricata-verify   60.99%    <94.73%> (-0.03%) ⬇️
unittests         62.97%    <0.00%>  (+0.03%) ⬆️

Flags with carried forward coverage won't be shown.

@victorjulien added this to the 8.0 milestone Nov 17, 2023
@suricata-qa

Information: QA ran without warnings.

Pipeline 16616

@catenacyber
Contributor Author

Simply rebased by #9839 with fresh S-V tests referenced

4 participants