suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

mqtt: enable limiting of logged message length - v2

Open satta opened this issue 9 months ago • 3 comments

Previous PR: #11053

Changes to previous PR:

  • Add new suricata.yaml options to EVE Output documentation page.
  • Update example outputs section in documentation.

Ticket

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6984

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1826

satta avatar May 12 '24 21:05 satta

Codecov Report

Attention: Patch coverage is 81.94444% with 13 lines in your changes are missing coverage. Please review.

Project coverage is 83.65%. Comparing base (abb7424) to head (aa47dca).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11054      +/-   ##
==========================================
+ Coverage   80.63%   83.65%   +3.01%     
==========================================
  Files         922      922              
  Lines      250137   250338     +201     
==========================================
+ Hits       201699   209417    +7718     
+ Misses      48438    40921    -7517
Flag Coverage Δ
fuzzcorpus 64.33% <33.33%> (+0.06%) :arrow_up:
livemode 18.42% <13.33%> (-0.14%) :arrow_down:
suricata-verify 62.75% <56.66%> (?)
unittests 62.26% <62.50%> (-0.01%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

codecov[bot] avatar May 12 '24 21:05 codecov[bot]

Are there other MQTT fields that should go into this limitation ? Like topics...

catenacyber avatar May 14 '24 10:05 catenacyber

  • Doc update : @jufajardini what do you think about the commit doc: update example outputs section ? How should we make sure we do not lag behind again, as I did not add websocket-payload for instance

For our devguide, we use the literalinclude sphinx directive, which allows one to quote from an existing file, passing some parameters to define what should be included. (cf https://www.sphinx-doc.org/en/master/usage/restructuredtext/directives.html#directive-literalinclude). Example: https://docs.suricata.io/en/latest/devguide/extending/app-layer/app-layer-frames.html#id2

I wonder if something like that could be used with our suricata.yaml file, and then we'd reference that, instead of the partials file.

jufajardini avatar May 14 '24 19:05 jufajardini

Never mind the push, will send new MR soon

satta avatar May 27 '24 21:05 satta

Next PR: #11194

satta avatar May 31 '24 09:05 satta