[Discussion] Limit files-json logging
    cdevoe57 at nycap.rr.com 
       
    Wed Mar  5 19:43:23 UTC 2014
    
    
  
We are attempting to set up and use MD5 hash alerting (rules with filemd5 keywords).  We have set up the alerts and can trigger an alert based on the hash of a file. 
e.g. alert http any any -> any any (msg: "A known bad hash was accessed"; filemd5:badmd5s.txt; filestore; classtype:bad-md5; sid:1; rev:1;)
When we enable the files-json.log in the yaml file, it includes all files, not just those that match the rule. Is there a way to only log the files which trigger an alert instead of everything?
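One way to get at just the rule-matching files when the log records everything, as an added example that is neither the poster's nor Suricata's own code: post-filter files-json.log against the same badmd5s.txt list the rule uses. The sample log lines are constructed, and the "md5" and "filename" field names in them are an assumption to check against what the deployed version actually writes.

```python
import json

# Constructed filemd5 list: one hex MD5 per line, "#" comments and blanks ignored.
SAMPLE_BADMD5S = """
# known bad hashes
d41d8cd98f00b204e9800998ecf8427e
098f6bcd4621d373cade4e832627b4f6
"""

# Constructed files-json.log lines. The "md5" and "filename" field names are
# assumed here; verify them against what the deployed version actually writes.
SAMPLE_FILES_JSON = """\
{"timestamp": "03/05/2014-19:40:01.000001", "filename": "/index.html", "md5": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "size": 1234}
{"timestamp": "03/05/2014-19:40:02.000002", "filename": "/update.exe", "md5": "D41D8CD98F00B204E9800998ECF8427E", "size": 0}
{"timestamp": "03/05/2014-19:40:03.000003", "filename": "/logo.png", "size": 512}
not json at all
{"timestamp": "03/05/2014-19:40:04.000004", "filename": "/setup.bin", "md5": "098f6bcd4621d373cade4e832627b4f6", "size": 4}
"""


def load_md5_list(text):
    """Parse a filemd5-style list into a set of lowercase hex digests."""
    hashes = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if len(line) != 32 or any(c not in "0123456789abcdefABCDEF" for c in line):
            raise ValueError("not an MD5 hex digest: %r" % line)
        hashes.add(line.lower())
    return hashes


def filter_files_log(lines, bad):
    """Yield only the file records whose md5 is on the bad list.
    Non-JSON lines and records without an md5 (hash not computed, e.g. a
    truncated file) are skipped rather than treated as matches."""
    for raw in lines:
        try:
            rec = json.loads(raw)
        except ValueError:
            continue
        md5 = rec.get("md5") if isinstance(rec, dict) else None
        if isinstance(md5, str) and md5.lower() in bad:
            yield rec


def matching_filenames(log_text, md5_text):
    """Filenames from the log whose hash is on the list, in log order."""
    bad = load_md5_list(md5_text)
    return [r["filename"] for r in filter_files_log(log_text.splitlines(), bad)]
```

Hash comparison is case-insensitive, since the list and the log may not agree on case, and a record with no hash is never counted as a match.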
    
    