Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend Suricata support #8372

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Extend Suricata support #8372

wants to merge 1 commit into from

Conversation

0xThiebaut
Copy link

@0xThiebaut 0xThiebaut commented Feb 22, 2025
edited
Loading

Extend Suricata support in OPNsense to increase the monitoring capabilities (e.g., integrate with Malcolm)

Features:

  • Extend support for EVE log, supporting all available protocols (RDP, DNS, ...).
  • Add support for PCAP logs.

Subsequent changes:

  • Update configuration template to align with Suricata 7.0.8 (e.g., add new fields such as ja4).
  • Disable stats.log (stats can be enabled in EVE).
  • Add migration logic.

@0xThiebaut 0xThiebaut marked this pull request as ready for review February 23, 2025 11:30
@0xThiebaut 0xThiebaut force-pushed the suricata branch 2 times, most recently from fff9706 to aa83b54 Compare February 27, 2025 14:40
@0xThiebaut
Copy link
Author

Thanks for the reviews so far!

I get that every help or label string I change bounces the translations of other languages, which we typically want to avoid. However I believe the benefit of properly (re)naming the options and help messages will benefit the users on the long run as the current strings are not consistent and occasionally obscure or incorrectly translated (e.g., Output TLS transaction where the session [...] is translated to French as Exit a TLS transaction where a session [...]).

I'd love to refactor the IDS UI strings to have them be consistent and helpful for the users (instead of requiring them to find the equivalent features in the Suricata documentation). I'd obviously be happy to perform the French translations on any bumped string.

@0xThiebaut 0xThiebaut requested a review from Monviech February 27, 2025 15:09
@Monviech
Copy link
Member

If you limit this PR only to the new functionality you want to add it will be simpler to review.

If you want to change existing language strings it could be in a separate PR after this one.

@0xThiebaut
Copy link
Author

Thanks for the feedback; I rolled-back any rewording not related to the new features.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Monviech Monviech Awaiting requested review from Monviech

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0xThiebaut @Monviech