[Discussion] Save reassembled session

Hyun Yoo easetheworld at gmail.com
Tue Aug 25 22:07:53 UTC 2015


Hello. I am a Suricata newbie.
I wonder whether my task is suitable for Suricata.

There is a list of spammer email addresses, and
I want to save the email subject and whole message from them.
(reassembled payload of TCP segments)

Snort has a post_detection rule like 'session:binary' which saves the whole
reassembled session, but Suricata doesn't have the same.

Can anybody guide me to the right way, please?