[Discussion] Save reassembled session
Hyun Yoo
easetheworld at gmail.com
Tue Aug 25 22:07:53 UTC 2015
Hello. I am a Suricata newbie.
I wonder whether my task is suitable for Suricata.
There is a list of spammer email addresses and
I want to save the email subject and whole message of them.
(reassembled payload of TCP segments)
Snort has a post_detection rule like 'session:binary' which saves the whole
reassembled session, but Suricata doesn't have the same.
Can anybody guide me to the right way, please?