From: Jeff Lucovsky Date: Thu, 3 Oct 2019 03:49:36 +0000 (-0700) Subject: doc/anomaly Remove event_no X-Git-Tag: suricata-5.0.0~118 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44a59b78c7d98ec69454dcf67917baf912649b1e;p=thirdparty%2Fsuricata.git doc/anomaly Remove event_no --- diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst index d5362d6a15..9d27706be8 100644 --- a/doc/userguide/output/eve/eve-json-format.rst +++ b/doc/userguide/output/eve/eve-json-format.rst @@ -130,13 +130,10 @@ Fields * "code" If "type" is "unknown", than "code" contains the unrecognized event code. Otherwise, this field is not present. -The following fields are included when "type" has the value "applayer": +The following field is included when "type" has the value "applayer": * "layer" Indicates the handling layer that detected the event. This will be "proto_parser" (protocol parser), "proto_detect" (protocol detection) or "parser." -* "event_no" This is an informational only field indicating the total number of events - detected and the ordinal number of the event being reported. It is presented as "N (of M)" - where "N" is the ordinal number of the event and "M" is the total number of events detected. When ``packethdr`` is enabled, the first 32 bytes of the packet are included as a byte64-encoded blob in the main part of record. This applies to events of "type" "packet" or "stream" only. @@ -199,7 +196,6 @@ Examples "anomaly": { "type": "applayer", "event": "APPLAYER_DETECT_PROTOCOL_ONLY_ONE_DIRECTION", - "event_no": "1 (of 1)", "layer": "proto_detect" } } @@ -219,7 +215,6 @@ Examples "anomaly": { "type": "applayer", "event": "INVALID_RECORD_TYPE", - "event_no": "1 (of 3)", "layer": "proto_parser" } }
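Review bot: the unchanged context of the first hunk (@@ -130,13 +130,10) carries two typos that are worth fixing while this paragraph is being edited: 'If "type" is "unknown", than "code" contains' should read "then", and "byte64-encoded blob" should read "base64-encoded". In the same hunk the "layer" description ends with "parser." with the period inside the quotes, so it reads as a literal field value; move the period outside the quotes so that people writing parsers for this output do not match on the wrong string.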
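Review bot: the two example hunks (@@ -199,7 +196,6 and @@ -219,7 +215,6) remove "event_no" without any replacement text, and the second one drops "1 (of 3)", which was what showed a reader that several applayer events can be reported for the same traffic. Consider adding a sentence under Fields stating whether each detected event is written as its own anomaly record, and, if the field is no longer emitted, a line in the upgrade notes so that consumers that key on "event_no" can adjust their parsers.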