doc/userguide: merge logging changes in 7.0 upgrade notes

Two "Logging changes" sections existed, merge.

diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst
index f1e8b7233d0348847a6ee26c9a9d0efbb3106e6f..9cd66b2ab13c075792af88066312f9fa53f40e86 100644 (file)
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@@ -57,6 +57,9 @@ Logging changes
   ``ike.ikev2.errors`` and ``ike.ikev2.notify``.
 - FTP DATA metadata for alerts are now logged in ``ftp_data`` instead of root.
 - Alert ``xff`` field is now logged as ``alert.xff`` for alerts instead of at the root.
+- Protocol values and their names are built into Suricata instead of using the system's ``/etc/protocols`` file. Some names and casing may have changed
+  in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values.
+  See https://redmine.openinfosecfoundation.org/issues/4267 for more information.
 
 Other changes
 ~~~~~~~~~~~~~
@@ -66,12 +69,6 @@ Other changes
 - SWF decompression in http has been disabled by default. To change the default see :ref:`suricata-yaml-configure-libhtp`. Users with configurations from previous releases may want to modify their config to match the new default.
   See https://redmine.openinfosecfoundation.org/issues/5632 for more information.
 
-Logging changes
-~~~~~~~~~~~~~~~
-- Protocol values and their names are built into Suricata instead of using the system's ``/etc/protocols`` file. Some names and casing may have changed
-  in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values.
-  See https://redmine.openinfosecfoundation.org/issues/4267 for more information.
-
 Upgrading 5.0 to 6.0
 --------------------
 - SIP now enabled by default