adding extended custom http eve.json fields #380
Conversation
why not adding this fields to the custom fields? maybe needs a suboption at the interface?
|
Before this pull request can be accepted you must first sign a CLA as described at https://www.pfsense.org/about-pfsense/#cla. Please read for more details. |
|
@bmeeks8 can you check this out, please? |
|
well, signed it ... whats next? |
|
We just need to wait for @bmeeks8 to take a look at it too |
|
I am fine with this addition. It will make the EVE output logging in Suricata better. Thank you to @fgrosswig for the submission! @rbgarga -- you might just combine this addition with the other fixes waiting for Suricata and just make a single bump in the port revsion. Bill |
|
I know i'm late to the game as this is already merged. But i think that are too many fields to be logged as default just by enabling extended http log. It might put unneeded load the log/even storage. For example an ELK stack where elastic would index all those fields. @fgrosswig would you be happy if we had an option to define the fields one is interested in via the gui? To have more granular control over the eve-output is something i'm working on anyway. You can have a look here |
|
@securitym0nkey: first i would say what people going to store on elk will do with the "extend" log option anyway extended infos. So why limiting it not taking advantage of the full built in "extended" options in exact this case. I was wondering why "extended" logging to http does not have the whole set. And second, as mentioned above, it would be a best thing to have a textfield or multiple choice to exactly choose what specific option you are going to store on elk. But this is the higher class and would need some additional tweaks on the interface i was too lazy to take also care of - because as said: if i check extended then i expect the "whole" extended and not limited extended output. |
Changes since 0.3.0: We reached v1.0.0 - fix!: Replace limit flag with paginate by @ankitpokhrel in #359 - fix!: Append components on edit instead of overriding by @ankitpokhrel in #368 - feat!: Append label to an issue, show labels at issue list view by @stchar in #300 - refactor!: Move boards and project list to subcommand by @ankitpokhrel in #314 - feat: Support custom fields on issue create by @ankitpokhrel in #319 - feat: Add support to read from .netrc by @adolsalamanca in #329 - feat: Add support for OS keyrings/-chains by @boyvanamstel in #348 - feat: Support auth with personal access tokens by @marek-veber / @ankitpokhrel in #327 - feat: Allow to set fixVersions on issue creation by @ankitpokhrel in #276 - feat: Allow insecure TLS by @ankitpokhrel in #305 - feat: Add --no-browser option to open cmd by @ankitpokhrel in #308 - feat: Add search option for boards on jira init by @ankitpokhrel in #322 - feat: Add issues unlink command by @sushilkg in #347 - feat: Support refresh for issues list by @GZLiew in #325 - feat: Ability to delete issue by @ankitpokhrel in #336 - feat: Allow to set custom fields on epic create by @ankitpokhrel in #364 - feat: Allow to edit release-info/fixVersions by @ankitpokhrel in #365 - feat: Allow removing labels on edit by @ankitpokhrel in #371 - feat: Support creating issues with custom subtask type by @danobi in #372 - feat: Allow removing component on edit by @ankitpokhrel in #374 - feat: Allow removing fixVersions on edit by @ankitpokhrel in #376 - feat: Support custom fields on issue edit by @ankitpokhrel in #377 - feat: Jira init non-interactive by @ankitpokhrel in #381 - feat: Show subtasks in issue view by @ankitpokhrel in #382 - feat: Allow project filter in raw jql by @ankitpokhrel in #395 - fix: Makefile compatiblity with Make 3.81 by @danmichaelo in #252 - fix: Config generation issue by @ankitpokhrel in #275 - fix(cfg): Strip trailing slash on server name by @ankitpokhrel in #295 - fix: Jira client should respect timeout opt by @ankitpokhrel in #304 - fix: Respect GLAMOUR_STYLE env on issue view by @ankitpokhrel in #317 - fix: Get subtask handle from config by @ankitpokhrel in #296 - fix: Jira wiki parser by @ankitpokhrel in #326 - fix: Display correctly columns in list sprint command help by @adolsalamanca in #320 - fix: Panic on empty sub-list by @ankitpokhrel in #330 - fix: Issue with assigning user by @ankitpokhrel in #321 - fix: OOM bug on issue view by @ankitpokhrel in #350 - fix: Assign parent key as is on edit by @ankitpokhrel in #351 - fix: Add additional check for total boards returned by @ankitpokhrel in #360 - fix: Issue with query param in user assignment by @ankitpokhrel in #380 - fix: Subtask clone by @ankitpokhrel in #383 - fix: editing issue with custom field in non interactive mode by @DrudgeRajen in #391 - dep: Upgrade charmbracelet/glamour to 0.5.0 by @ankitpokhrel in #309 - dep: Upgrade rivo/tview to latest by @ankitpokhrel in #310 - dep: Upgrade outdated packages by @ankitpokhrel in #311 - dep: Upgrade cobra to 1.4.0 by @ankitpokhrel in #373 - Use md ext for tmp file to trigger vim syntax by @ElementalWarrior in #318 Full Changelog: ankitpokhrel/jira-cli@v0.3.0...v1.0.0
why not adding this fields to the custom fields? maybe needs a suboption at the interface or could stay as it is to extend the http eve.json information as default.