Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verdict eve field - 6.0.x backports - v3 #9311

Closed
wants to merge 3 commits into from
Closed

verdict eve field - 6.0.x backports - v3 #9311

wants to merge 3 commits into from

Conversation

jufajardini
Copy link
Contributor

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/5794

Previous PR: #9309

Describe changes:

  • remove unrelated commit about DHCP and IKE eve outputs, so one thing won't prevent the other from being approved

SV_BRANCH=pr/1336
OISF/suricata-verify#1336

@jufajardini
output/alert: add verdict field
755b2e3 
Related to
Bug OISF#5464

(cherry picked from commit 53b8def)
@jufajardini
output/drop: add verdict field
989e5a1 
Related to
Bug OISF#5464

(cherry picked from commit 0437173)
@jufajardini
userguide/eve: format and reorganize alert section
84fde71 
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.

(cherry picked from commit 9900bdc)
@jufajardini jufajardini requested review from norg and a team as code owners July 31, 2023 20:15
@jufajardini jufajardini mentioned this pull request Jul 31, 2023
Closed
@suricata-qa
Copy link

Information:

field baseline test %
TREX_GENERIC_stats_chk
.capture.kernel_drops 0 6730 0.00

Pipeline 15461

victorjulien
victorjulien reviewed Aug 1, 2023
View reviewed changes
src/output-json-alert.c
@@ -572,6 +573,68 @@ static void AlertAddFiles(const Packet *p, JsonBuilder *jb, const uint64_t tx_id
}
}

bool PacketCheckAction(const Packet *p, const uint8_t a)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in master 6 we have been fixing things differently, I think you should use PACKET_TEST_ACTION instead

victorjulien
victorjulien reviewed Aug 1, 2023
View reviewed changes
suricata.yaml.in
@@ -250,6 +254,9 @@ outputs:
# alerts: yes # log alerts that caused drops
# flows: all # start or all: 'start' logs only a single drop
# # per flow direction. All logs each dropped pkt.
# Enable logging the final action taken on a packet by the engine
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in the github review view this looks odd wrt formatting

@jufajardini jufajardini mentioned this pull request Aug 1, 2023
Merged
@jufajardini
Copy link
Contributor Author

Feedback incorporated in #9318

@jufajardini jufajardini closed this Aug 1, 2023
@jufajardini jufajardini deleted the backports-verdict/v3 branch August 2, 2023 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien left review comments

@norg norg Awaiting requested review from norg norg is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jufajardini @suricata-qa @victorjulien