[Oisf-users] Fwd: Stream field in Alert Record in eve.json

Victor Julien lists at inliniac.net
Tue Jul 17 17:20:28 UTC 2018


On 17-07-18 19:17, Michael Riggs wrote:
> 
> Hey list,
> 
> I've dug around, but I cannot see how/why the stream field is set
> "stream":0
> "stream":1
> 
> Is there documentation around the fields or can someone drop me how this
> is determined?

If set to 1 (true) it means the payload field is constructed from stored
stream segments. If it is 0 (false), it's the packet payload.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
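
An added example, not part of the original thread and not Suricata's own code: a small triage helper that reads EVE lines and labels each alert's payload by the `stream` flag described in the reply above. It assumes alert payload logging is enabled, so that `payload` is base64 and the rule id sits at `alert.signature_id`; the sample records and signature ids are constructed.

```python
import base64
import json

def payload_origin(event):
    """Classify where an alert's 'payload' bytes came from, per the 'stream' flag."""
    if "payload" not in event or "stream" not in event:
        return "not-logged"            # payload logging off, or field absent
    return "reassembled-stream" if event["stream"] == 1 else "single-packet"

def triage(eve_lines):
    """Return one summary per alert record; skip other event types and bad lines."""
    out = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                   # e.g. a line truncated mid-write
        if event.get("event_type") != "alert":
            continue
        raw = base64.b64decode(event.get("payload", ""))
        out.append({
            "sid": event.get("alert", {}).get("signature_id"),
            "origin": payload_origin(event),
            "payload_len": len(raw),
            "payload": raw,
        })
    return out

def b64(data):
    return base64.b64encode(data).decode()

# Constructed sample input (not real traffic).
SAMPLE = [
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1000001}, "stream": 1,
                "payload": b64(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")}),
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1000002}, "stream": 0,
                "payload": b64(b"\x00\x01probe")}),
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1000003}}),
    json.dumps({"event_type": "flow", "proto": "TCP"}),
    '{"event_type": "alert", "alert": {"signa',   # truncated line
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["sid"], row["origin"], row["payload_len"])
```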


