doc/quic: Add quic to eve json format

author Emmanuel Thompson <eet6646@gmail.com>

Mon, 23 Aug 2021 22:58:55 +0000 (18:58 -0400)

committer Victor Julien <vjulien@oisf.net>

Wed, 19 Jan 2022 13:10:50 +0000 (14:10 +0100)
author Emmanuel Thompson <eet6646@gmail.com>
Mon, 23 Aug 2021 22:58:55 +0000 (18:58 -0400)
committer Victor Julien <vjulien@oisf.net>
Wed, 19 Jan 2022 13:10:50 +0000 (14:10 +0100)
diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst

index 936e24f40c61854a8f6856f21fd90044d37b9725..523628fbcf09c2a33bf2b90a75a11ce09adb2b69 100644 (file)
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -2067,3 +2067,32 @@ Example of Modbus logging of a request and response:
        "error_flags": "DATA_VALUE",
      },
    }
+
+Event type: QUIC
+-----------------
+
+Fields
+~~~~~~
+
+* "version": Version of the QUIC packet if contained in the packet, 0 if not
+* "cyu": List of found CYUs in the packet
+* "cyu[].hash": CYU hash
+* "cyu[].string": CYU string
+
+Examples
+~~~~~~~~
+
+Example of QUIC logging with a CYU hash:
+
+::
+
+
+  "quic": {
+    "version": 1362113590,
+    "cyu": [
+        {
+            "hash": "7b3ceb1adc974ad360cfa634e8d0a730",
+            "string": "46,PAD-SNI-STK-SNO-VER-CCS-NONC-AEAD-UAID-SCID-TCID-PDMD-SMHL-ICSL-NONP-PUBS-MIDS-SCLS-KEXS-XLCT-CSCT-COPT-CCRT-IRTT-CFCW-SFCW"
+        }
+    ]
+  }
author	Emmanuel Thompson <eet6646@gmail.com>
	Mon, 23 Aug 2021 22:58:55 +0000 (18:58 -0400)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 19 Jan 2022 13:10:50 +0000 (14:10 +0100)