<div dir="ltr">Ok, so I am now running 4.0.0.3-rc2, and I have the following in my alert section:<div><br></div><div>- alert:</div><div> payload: yes</div><div> payload-buffer-size: 1kb</div><div> payload-printable: yes</div><div> packet: yes</div><div> http-body-printable: yes</div><div> tagged-packets: yes</div><div><br></div><div><br></div><div>I do not see an http_body_printable in my eve.json, but am definitely seeing traffic to the host of http type (ive got http text in payload_printable. Please advise.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 30, 2017 at 9:00 AM, Peter Manev <span dir="ltr"><<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Jun 30, 2017 at 2:37 PM, erik clark <<a href="mailto:philosnef@gmail.com">philosnef@gmail.com</a>> wrote:<br>
> Are there a list of notable changes in suricata.yaml documented somewhere so<br>
> that we can try and merge our existing yaml file with the new changes? I am<br>
> unsure if there were stream changes or the like. Our goal is primarily to<br>
> get http-body-printable into our yaml, but if there are other key additions<br>
> we would like to know about those as well.<br>
><br>
<br>
</span>Most notable in terms of json/alerting would be (alongside http_body) -<br>
<a href="http://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html?highlight=metadata#alerts" rel="noreferrer" target="_blank">http://suricata.readthedocs.<wbr>io/en/latest/output/eve/eve-<wbr>json-output.html?highlight=<wbr>metadata#alerts</a><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
--<br>
Regards,<br>
Peter Manev<br>
</font></span></blockquote></div><br></div>