29.4. Extending Suricata
29.4.1. Packet Capture
29.4.2. Packet Decoder
29.4.3. App-Layer
29.4.3.1. Application Layer Overview
29.4.3.2. Application Layer Frame Support
29.4.3.3. Parsers
29.4.3.4. Transactions
29.4.4. Detection
29.4.4.1. Rate Filter Callback
29.4.5. Exception Policies
29.4.5.1. Extending
29.4.5.2. Adding a New Policy
29.4.5.3. Adding a New Exception Policy
29.4.5.4. Testing
29.4.6. Output
29.4.6.1. Low Level Logging
29.4.7. EVE Filetypes
29.4.7.1. Introduction
29.4.7.2. EVE Filetype Life Cycle
29.4.7.3. Threading Considerations
29.4.7.4. Write Considerations
29.4.7.5. Registration
29.4.7.6. Examples
29.4.8. EVE Hooks
29.4.8.1. Registration
29.4.8.2. Callback
29.4.8.3. Example