doc: document file-store v1 to v2 configuration changes

diff --git a/doc/userguide/file-extraction/config-update.rst b/doc/userguide/file-extraction/config-update.rst
index 1562ac86ecf51b0efbbe429688865f93460c3d04..5c3c180789be3aec0d45f647facb73cd486ea7a4 100644 (file)
--- a/doc/userguide/file-extraction/config-update.rst
+++ b/doc/userguide/file-extraction/config-update.rst
@@ -1,3 +1,5 @@
+.. _filestore-update-v1-to-v2:
+
 Update File-store v1 Configuration to V2
 ========================================
 

diff --git a/doc/userguide/file-extraction/file-extraction.rst b/doc/userguide/file-extraction/file-extraction.rst
index 45fd4e93edf9c243f725ae7f112641ec110c61db..6c4a18b5bb82c419f199a832ed55783f3e3d11e5 100644 (file)
--- a/doc/userguide/file-extraction/file-extraction.rst
+++ b/doc/userguide/file-extraction/file-extraction.rst
@@ -1,3 +1,5 @@
+.. _File Extraction:
+
 File Extraction
 ===============
 
@@ -66,7 +68,6 @@ of the filename. For example, if the SHA256 hex string of an extracted
 file starts with "f9bc6d..." the file we be placed in the directory
 `filestore/f9`.
 
-
 The size of a file that can be stored depends on ``file-store.stream-depth``,
 if this value is reached a file can be truncated and might not be stored completely.
 If not enabled, ``stream.reassembly.depth`` will be considered.
@@ -103,30 +104,7 @@ logged to the ``eve`` output.
 See :ref:`suricata-yaml-file-store` for more information on
 configuring the file-store output.
 
-.. note:: This section documents version 2 of the ``file-store``.
-
-File-Store (Version 1)
-----------------------
-
-.. note:: File-store version 1 has been deprecated and will be removed
-          by June 2020. Please use file-store v2 instead. Please see
-          the `deprecation policy`_ for more information.
-
-::
-
-  - file-store:
-      enabled: yes        # set to yes to enable
-      log-dir: files      # directory to store the files
-      force-magic: no     # force logging magic on all stored files
-      force-hash: [md5]   # force logging of md5 checksums
-      force-filestore: no # force storing of all files
-      stream-depth: 1mb   # reassemble 1mb into a stream, set to no to disable
-      waldo: file.waldo   # waldo file to store the file_id across runs
-      max-open-files: 0   # how many files to keep open (O means none)
-      write-meta: yes     # write a .meta file if set to yes
-      include-pid: yes    # include the pid in filenames if set to yes.
-
-Each file that is stored will have a name "file.<id>". The id will be reset and files will be overwritten unless the waldo option is used. A "file.<id>.meta" file is generated containing file metadata if write-meta is set to yes (default). If the include-pid option is set, the files will instead have a name "file.<pid>.<id>", and metafiles will be "file.<pid>.<id>.meta". Files will additionally have the suffix ".tmp" while they are open, which is only removed when they are finalized.
+.. note:: This section documents version 2 of the ``file-store``. Version 1 of the file-store has been removed as of Suricata version 6.
 
 Rules
 ~~~~~
@@ -195,4 +173,9 @@ Suricata can calculate MD5 checksums of files on the fly and log them. See :doc:
    md5
    public-sha1-md5-data-sets
 
-.. _deprecation policy: https://suricata-ids.org/about/deprecation-policy/
+Updating Filestore Configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. toctree::
+
+   config-update

diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst
index c2031afbf067e95e21390a37df74022d3218420f..da47fced17df3e3b816a937f2e6e551c1b7a0c0e 100644 (file)
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@@ -30,6 +30,12 @@ by the ones Suricata supplies.
 Major updates include new features, new default settings and often also
 remove features.
 
+Upgrading 5.0 to 6.0
+--------------------
+
+Removals
+~~~~~~~~
+- File-store v1 has been removed. If using file extraction, the file-store configuration will need to be updated to version 2. See :ref:`filestore-update-v1-to-v2`.
 
 Upgrading 4.1 to 5.0
 --------------------