git.ipfire.org Git - thirdparty/suricata.git/commit

author	Eric Leblond <eric@regit.org>
	Fri, 21 Apr 2017 17:42:04 +0000 (19:42 +0200)
committer	Jason Ish <ish@unx.ca>
	Wed, 31 Jan 2018 12:33:28 +0000 (06:33 -0600)
commit	6bf00ab2893f415d8cbca645cea8aef0ed5a2f66
tree	4a0b5c55c880a20a31162dda2ebb59cb9e9af7a9	tree
parent	1bd6d1c2094ad1a147b58fab3cb28cc3ff035b3b	commit \| diff

output-json-alert: conditionaly output metadata

Metadata of the signature can now conditionaly put in the alert
events. This will allow user to get more context about the events
generated by the alert.

detect-metadata: conditional parsing

Only parses metadata if an output module will use the information.
Patch also adds a unittest to check metadata is not parsed if not
asked to.

output-json-alert: optional output keys as array

Update rule metadata configuration to have an option to output
value as array. Also adds an option to log only a series of keys
as array. This is useful in the case of some ruleset where from
instance the `tag` key is used multiple time.

(Jason Ish) rule metadata: always log as lists

After review of rule metadata, we can't make assumptions
on what should be a list or not. So log everything as a list.

src/detect-engine.c		diff \| blob \| blame \| history
src/detect-engine.h		diff \| blob \| blame \| history
src/detect-metadata.c		diff \| blob \| blame \| history
src/output-json-alert.c		diff \| blob \| blame \| history
src/output-json-alert.h		diff \| blob \| blame \| history
src/output-json-drop.c		diff \| blob \| blame \| history
suricata.yaml.in		diff \| blob \| blame \| history