From: Victor Julien Date: Thu, 12 Sep 2019 14:42:31 +0000 (+0200) Subject: doc/eve.anomaly: fix indent and general formatting X-Git-Tag: suricata-5.0.0-rc1~60 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df325d63ea2bf0500bf9e199b421c14582fd9c97;p=thirdparty%2Fsuricata.git doc/eve.anomaly: fix indent and general formatting --- diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst index 081f4687b8..77feb21905 100644 --- a/doc/userguide/output/eve/eve-json-output.rst +++ b/doc/userguide/output/eve/eve-json-output.rst 
@@ -97,32 +97,33 @@ Anomalies are reported by and configured by type: Metadata:: - - anomaly: - # Anomaly log records describe unexpected conditions such as truncated packets, packets - # with invalid IP/UDP/TCP length values, and other events that render the packet - # invalid for further processing or describe unexpected behavior on an established stream. - # Networks which experience high occurrences of anomalies may experience packet processing - # degradation. - # - # Anomalies are reported for the following: - # 1. Decode: Values and conditions that are detected while decoding individual packets. - # This includes invalid or unexpected values for low-level protocol lengths as well - # as stream related events (TCP 3-way handshake issues, unexpected sequence number, etc). - # 2. Stream: This includes stream related events (TCP 3-way handshake issues, unexpected - # sequence number, etc). - # 3. Application layer: These denote application layer specific conditions that are unexpected, - # invalid or are unexpected given the application monitoring state. - # - # By default, anomaly logging is disabled. When anomaly logging is enabled, application-layer anomaly - # reporting is enabled. - # - # Choose one or both types of anomaly logging and whether to enable - # logging of the packet header for packet anomalies. - types: - #decode: no - #stream: no - #applayer: yes - #packethdr: no + - anomaly: + # Anomaly log records describe unexpected conditions such as truncated packets, + # packets with invalid IP/UDP/TCP length values, and other events that render + # the packet invalid for further processing or describe unexpected behavior on + # an established stream. Networks which experience high occurrences of + # anomalies may experience packet processing degradation. + # + # Anomalies are reported for the following: + # 1. Decode: Values and conditions that are detected while decoding individual + # packets. 
This includes invalid or unexpected values for low-level protocol + # lengths as well. + # 2. Stream: This includes stream related events (TCP 3-way handshake issues, + # unexpected sequence number, etc). + # 3. Application layer: These denote application layer specific conditions that + # are unexpected, invalid or are unexpected given the application monitoring + # state. + # + # By default, anomaly logging is disabled. When anomaly logging is enabled, + # application-layer anomaly reporting is enabled. + # + # Choose one or both types of anomaly logging and whether to enable + # logging of the packet header for packet anomalies. + types: + #decode: no + #stream: no + #applayer: yes + #packethdr: no HTTP ~~~~
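Review bot: The rewrapped Decode entry (item 1 of the comment list) now ends with "for low-level protocol + # lengths as well.", a dangling "as well" left behind when the "as stream related events (...)" clause was dropped; end the sentence at "lengths." instead. Dropping that clause is a wording change rather than indent or formatting, so the commit message should say that the duplicate stream text was removed from the Decode entry. Two leftovers in the same block could be fixed in the same pass: "Choose one or both types of anomaly logging" sits above three type keys (decode, stream, applayer), so "one or more" is accurate, and item 3 still reads "unexpected, invalid or are unexpected", repeating "unexpected".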