[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.0-beta1-65-g6226338
OISF Git
noreply at openinfosecfoundation.org
Mon Jun 26 16:31:39 UTC 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via 6226338d5b830c20397bc41d02ed8937c1ff43e6 (commit)
via 9e581436a7d47043ec9264fdfe76ee19a4766b53 (commit)
via 66da9d0ba68dade5decae23349b8f564b5616c3a (commit)
via ef88689f1e82d3ae6ce41efa047dd82496ee055d (commit)
via da9005c404f281badd3bb4ccee675560fae2d359 (commit)
from 61d9f4bb0a947d39d409fd0ebbb3aa1d8374a51a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6226338d5b830c20397bc41d02ed8937c1ff43e6
Author: Victor Julien <victor at inliniac.net>
Date: Mon Jun 26 13:53:22 2017 +0200
eve/alert: redo option parsing
Clean up option parsing. Allow options to be disabled as well as
enabled.
E.g.
metadata: true
flow: false
The metadata setting will enable all. Then flow is disabled.
commit 9e581436a7d47043ec9264fdfe76ee19a4766b53
Author: Eric Leblond <eric at regit.org>
Date: Thu Jun 22 09:20:05 2017 +0200
doc: info about new config for alert events in EVE
commit 66da9d0ba68dade5decae23349b8f564b5616c3a
Author: Eric Leblond <eric at regit.org>
Date: Mon Jun 26 10:41:11 2017 +0200
output-json-alert: rename applayer to metadata
commit ef88689f1e82d3ae6ce41efa047dd82496ee055d
Author: Eric Leblond <eric at regit.org>
Date: Thu Jun 22 09:15:00 2017 +0200
doc: add app_proto to alert event
commit da9005c404f281badd3bb4ccee675560fae2d359
Author: Eric Leblond <eric at regit.org>
Date: Wed Jun 21 19:50:11 2017 +0200
output-json-alert: add app_proto or flow to events
This patch adds a partial flow entry in the alert event
(if applayer or flow is selected) or simply app_proto if
it is not.
app_proto is useful as a filter and aggregation field. And
the partial flow entry contains more information about the
proto as well as some volumetry info.
-----------------------------------------------------------------------
Summary of changes:
doc/userguide/output/eve/eve-json-format.rst | 1 +
doc/userguide/output/eve/eve-json-output.rst | 12 +++
src/output-json-alert.c | 114 +++++++++++----------------
src/output-json-flow.c | 33 ++++----
src/output-json-flow.h | 3 +
suricata.yaml.in | 3 +-
6 files changed, 83 insertions(+), 83 deletions(-)
hooks/post-receive
--
OISF
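As an added example (not code from the Suricata project or from the commit authors), the script below shows how a consumer of eve.json would use the fields these commits introduce: it filters alert events and aggregates them by app_proto, summing volume from the partial flow entry when it is present and counting separately the alerts logged without one (a sensor with flow disabled). It assumes the layout the commit messages describe, app_proto at the top level of the alert event plus an optional flow object; the key names inside that object (pkts_toserver, pkts_toclient, bytes_toserver, bytes_toclient, start) are taken from Suricata's flow event and are an assumption here. The sample EVE lines are constructed for the demonstration, not captured output, and the "unknown" label for alerts without app_proto is this script's own convention.

```python
import json
from collections import Counter, defaultdict

# Constructed sample eve.json lines (not real sensor output). The first
# three alerts carry app_proto; two of them also carry the partial flow
# entry, the third was logged with flow disabled. A flow event, an alert
# without app_proto and a truncated line exercise the filtering paths.
SAMPLE_EVE = """\
{"timestamp":"2017-06-26T13:53:22.000000+0200","event_type":"alert","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"EXAMPLE http test rule","category":"Misc activity","severity":3},"app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":4,"bytes_toserver":700,"bytes_toclient":1800,"start":"2017-06-26T13:53:21.900000+0200"}}
{"timestamp":"2017-06-26T13:53:23.000000+0200","event_type":"alert","src_ip":"10.0.0.5","src_port":51240,"dest_ip":"192.0.2.20","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000002,"rev":1,"signature":"EXAMPLE tls test rule","category":"Misc activity","severity":3},"app_proto":"tls","flow":{"pkts_toserver":9,"pkts_toclient":12,"bytes_toserver":1200,"bytes_toclient":5400,"start":"2017-06-26T13:53:22.500000+0200"}}
{"timestamp":"2017-06-26T13:53:24.000000+0200","event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000003,"rev":1,"signature":"EXAMPLE http test rule","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2017-06-26T13:53:25.000000+0200","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":4,"bytes_toserver":700,"bytes_toclient":1800}}
{"timestamp":"2017-06-26T13:53:26.000000+0200","event_type":"alert","src_ip":"10.0.0.9","src_port":55555,"dest_ip":"192.0.2.30","dest_port":9999,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000004,"rev":1,"signature":"EXAMPLE no-app-proto rule","category":"Misc activity","severity":3}}
{"timestamp":"2017-06-26T13:53:27.000000+0200","event_type":"alert","truncated line without closing brace
"""


def iter_alerts(eve_text):
    """Yield alert events from EVE JSON lines, skipping blank lines,
    other event types and lines that are not valid JSON."""
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert":
            yield event


def app_proto_of(event):
    """Application protocol label of an alert event (top-level app_proto).
    The "unknown" fallback is a convention of this example, not of Suricata."""
    return event.get("app_proto") or "unknown"


def flow_bytes(event):
    """Total bytes from the partial flow entry, or None when the alert was
    logged without one (flow/metadata disabled in the alert output)."""
    flow = event.get("flow")
    if not flow:
        return None
    return flow.get("bytes_toserver", 0) + flow.get("bytes_toclient", 0)


def summarize_by_app_proto(eve_text):
    """Count alerts per app_proto and sum flow volume where it was logged."""
    counts = Counter()
    volume = defaultdict(int)
    without_flow = Counter()
    for event in iter_alerts(eve_text):
        proto = app_proto_of(event)
        counts[proto] += 1
        total = flow_bytes(event)
        if total is None:
            without_flow[proto] += 1
        else:
            volume[proto] += total
    return {"alerts": dict(counts), "bytes": dict(volume),
            "alerts_without_flow": dict(without_flow)}


def filter_alerts(eve_text, app_proto, min_bytes=0):
    """Signature IDs of alerts for one app_proto whose partial flow carried at
    least min_bytes. Alerts logged without a flow entry cannot satisfy a
    volume threshold, so they pass only when min_bytes is 0."""
    selected = []
    for event in iter_alerts(eve_text):
        if app_proto_of(event) != app_proto:
            continue
        total = flow_bytes(event)
        if total is None:
            if min_bytes > 0:
                continue
        elif total < min_bytes:
            continue
        selected.append(event["alert"]["signature_id"])
    return selected


if __name__ == "__main__":
    print(json.dumps(summarize_by_app_proto(SAMPLE_EVE), indent=2))
    print(filter_alerts(SAMPLE_EVE, "http", min_bytes=1000))
```

Point the script at a real eve.json by reading the file into `eve_text`; the volume threshold in filter_alerts only makes sense on sensors where the alert output has the flow entry enabled, which is why alerts lacking it are excluded rather than treated as zero bytes.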