From: Jason Ish Date: Wed, 24 May 2023 19:15:55 +0000 (-0600) Subject: doc/userguide: merge logging changes in 7.0 upgrade notes X-Git-Tag: suricata-7.0.0-rc2~115 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a71dee5516276a90319682b38d100d5196a02436;p=thirdparty%2Fsuricata.git doc/userguide: merge logging changes in 7.0 upgrade notes Two "Logging changes" sections existed, merge. --- diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index f1e8b7233d..9cd66b2ab1 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -57,6 +57,9 @@ Logging changes ``ike.ikev2.errors`` and ``ike.ikev2.notify``. - FTP DATA metadata for alerts are now logged in ``ftp_data`` instead of root. - Alert ``xff`` field is now logged as ``alert.xff`` for alerts instead of at the root. +- Protocol values and their names are built into Suricata instead of using the system's ``/etc/protocols`` file. Some names and casing may have changed + in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values. + See https://redmine.openinfosecfoundation.org/issues/4267 for more information. Other changes ~~~~~~~~~~~~~ @@ -66,12 +69,6 @@ Other changes - SWF decompression in http has been disabled by default. To change the default see :ref:`suricata-yaml-configure-libhtp`. Users with configurations from previous releases may want to modify their config to match the new default. See https://redmine.openinfosecfoundation.org/issues/5632 for more information. -Logging changes -~~~~~~~~~~~~~~~ -- Protocol values and their names are built into Suricata instead of using the system's ``/etc/protocols`` file. Some names and casing may have changed - in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values. - See https://redmine.openinfosecfoundation.org/issues/4267 for more information. - Upgrading 5.0 to 6.0 -------------------- - SIP now enabled by default
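Review bot: In the bullet added by the first hunk (`@@ -57,6 +57,9 @@`), the wording "in the values ``proto`` in ``eve.json`` log entries" is awkward and was carried over verbatim from the removed section. Since the text is being moved anyway, consider "in the ``proto`` field of ``eve.json`` log entries and in other logs containing protocol names and values". The same bullet says "Some names and casing may have changed" without a single before/after example. This is an upgrade note about a logged field, so one or two concrete examples, or a sentence telling readers to re-check any log consumers that match on ``proto`` strings, would make it actionable without having to follow the Redmine link.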