From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Wed, 25 Jan 2017 13:11:49 +0000 (+0100)
Subject: doc: documentation for custom JSON flags in eve-log
X-Git-Tag: suricata-4.0.0-beta1~302
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a382259f8093a5ed1b7c0377f7190db4cea2d9e;p=thirdparty%2Fsuricata.git

doc: documentation for custom JSON flags in eve-log
---

diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst
index 104fc10b46..a960e7e16c 100644
--- a/doc/userguide/output/eve/eve-json-output.rst
+++ b/doc/userguide/output/eve/eve-json-output.rst
@@ -246,3 +246,26 @@ For most output types, you can add multiple:
 
 Except for ``drop`` for which only a single logger instance is supported.
 
+JSON flags
+~~~~~~~~~~
+
+Several flags can be specified to control the JSON output in EVE:
+
+::
+
+  outputs:
+    - eve-log:
+        json:
+          # Sort object keys in the same order as they were inserted
+          preserve-order: yes
+
+          # Make the output more compact
+          compact: yes
+
+          # Escape all unicode characters outside the ASCII range
+          ensure-ascii: yes
+
+          # Escape the '/' characters in string with '\/'
+          escape-slash: yes
+
+All these flags are enabled by default, and can be modified per EVE instance.