[Oisf-users] SMTP email body
Joaquín Silva
joaquin.silva.vigenaux at gmail.com
Tue Mar 21 16:21:30 UTC 2017
Hi,
I want to add the email body to the eve.json file. In order to do that I
set the following configs:
- eve-log.types.smtp.extended: yes
- smtp.custom: [received, x-originating-ip, relays, reply-to, bcc,
message-id, subject, x_mailer, user-agent, body]
- smtp.md5: [body]
- app-layer.protocols.smtp.mime.body-md5: yes
But I'm not receiving any body. This is an smtp output example:
timestamp : "2017-03-21T13:12:20.340419-0300"
flow_id : 617963398526092
in_iface : "bond0"
event_type : "smtp"
src_ip : "asdasdasd"
src_port : 59824
dest_ip : "asdasdasd"
dest_port : 25
proto : "TCP"
tx_id : 0
smtp
  helo : "mail.asd.com"
  mail_from : ""
  rcpt_to
    0 : ""
email
  status : "PARSE_DONE"
  from : "=?UTF-8?B?Q29udGFiaWxpZGFkIHkgVHJpYnV0YWNpw7Nu?= "
  to
    0 : "asd at asd.com"
  attachment
    0 : "btgf8ym.jpg"
    1 : "logo-amb.jpg"
  reply_to : "asdasdasd"
  message_id : "<asdasdasdasd>"
  subject : "asdasdasdasd"
  received
    0 : "asdasdasdasd"
What am I doing wrong?
My Suricata version is 3.2.1
Regards,
Joaquín Silva