From: Emmanuel Thompson <eet6646@gmail.com>
Date: Mon, 23 Aug 2021 22:58:55 +0000 (-0400)
Subject: doc/quic: Add quic to eve json format
X-Git-Tag: suricata-7.0.0-beta1~1008
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9ad60e76618da183918d1b9b52baf1dfc82d3ed3;p=thirdparty%2Fsuricata.git

doc/quic: Add quic to eve json format
---

diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst
index 936e24f40c..523628fbcf 100644
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -2067,3 +2067,32 @@ Example of Modbus logging of a request and response:
       "error_flags": "DATA_VALUE",
     },
   }
+
+Event type: QUIC
+-----------------
+
+Fields
+~~~~~~
+
+* "version": Version of the QUIC packet if contained in the packet, 0 if not
+* "cyu": List of found CYUs in the packet
+* "cyu[].hash": CYU hash
+* "cyu[].string": CYU string
+
+Examples
+~~~~~~~~
+
+Example of QUIC logging with a CYU hash:
+
+::
+
+
+  "quic": {
+    "version": 1362113590,
+    "cyu": [
+        {
+            "hash": "7b3ceb1adc974ad360cfa634e8d0a730",
+            "string": "46,PAD-SNI-STK-SNO-VER-CCS-NONC-AEAD-UAID-SCID-TCID-PDMD-SMHL-ICSL-NONP-PUBS-MIDS-SCLS-KEXS-XLCT-CSCT-COPT-CCRT-IRTT-CFCW-SFCW"
+        }
+    ]
+  }