doc/tls: Add documentation for TLS logging

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index 67299f47ecf51cae7afc211bd48fb1ba58d9548b..70c1a1e036601a7e7c4cadc0aa8c5254f6e4b2a4 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -388,6 +388,27 @@ For more advanced configuration options, see :ref:`Eve JSON Output <eve-json-out
 
 The format is documented in :ref:`Eve JSON Format <eve-json-format>`.
 
+TLS parameters and certificates logging (tls.log)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The TLS handshake parameters can be logged in a line based log as well.
+By default, the logfile is `tls.log` in the suricata log directory.
+See :ref:`Custom TLS logging <output-custom-tls-logging>` for details
+about the configuration and customization of the log format.
+
+Furthermore there is an output module to store TLS certificate files to
+disk. This is similar to :ref:`File-store (File Extraction)
+<suricata-yaml-file-store>`, but for TLS certificates.
+
+Example:
+
+::
+
+  # output module to store certificates chain to disk
+  - tls-store:
+      enabled: yes
+      #certs-log-dir: certs # directory to store the certificates files
+
 A line based log of HTTP requests (http.log)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/doc/userguide/output/custom-tls-logging.rst b/doc/userguide/output/custom-tls-logging.rst
index 74cdb0f1275546b9237c35b644d451f585e16313..18af79ce14c9c82797f69f128e911fe47fd6d5b7 100644 (file)
--- a/doc/userguide/output/custom-tls-logging.rst
+++ b/doc/userguide/output/custom-tls-logging.rst
@@ -1,3 +1,5 @@
+.. _output-custom-tls-logging:
+
 Custom tls logging
 ===================