Suricata has many features, and some of those features become less valuable after a period of time. This document describes how to deal with removal of major features.

Supported Features

The deprecation policy only applies to supported features. For features that are not officially supported by the OISF team, no guarantees are given. Such features may break or get removed without warning.

Grace Period

When a feature is to be removed, it will be announced on this page and on the mailing lists. That starts a grace period where the feature will continue to be supported. After 18 months, the feature will be removed in the first major release.

The grace period will be 18 months by default. In some cases a longer or shorter grace period can be used.

Deprecated Features

  • outputs
    • eve dns v1 records
      • reason: superseded by v2
      • announced: November 2020
      • removal: May 2022
      • ticket:  https://redmine.openinfosecfoundation.org/issues/4137
    • independent json logs covered by eve (alert-json-log, dns-json-log, etc)
    • unified2 – legacy binary format
    • drop.log (drop-log)
      • reason superseded by eve.drop
      • announced: February 2019
      • removal: June 2020
      • ticket: https://redmine.openinfosecfoundation.org/issues/2381
      • removed in 6.0beta1
    • filestore v1
      • reason: superseded by filestore v2
      • announced: May 2019
      • removal: June 2020
      • grace period of 1 year as v2 is stable for quite some time already
      • ticket: https://redmine.openinfosecfoundation.org/issues/2959
      • removed in 6.0beta1
    • dns.log – the text DNS log
    • files-json.log (file-log)
      • reason: superseded by eve.fileinfo
      • announced: December 2017
      • removal: December 2018
      • grace period of 12 months as the eve.fileinfo is also in JSON and has been available for a long time
      • ticket: https://redmine.openinfosecfoundation.org/issues/2376
      • removed in 5.0beta1
  • rule keywords
  • architecture / hardware

Changelog

  • 2017/12/19: initial version adding dns.log, files-json.log, ssh.*, tilera, CUDA.
  • 2017/12/20: added unified2.
  • 2019/05/09: update after removing dns.log, files-json.log and Tilera support. Add filestore v1.
  • 2019/02/18: drop.log added
  • 2019/09/19: add independent json loggers
  • 2020/08/07: updated for 6.0beta1 release
  • 2020/10/15: updated for 6.0 release