[Oisf-devel] Fwd: [Open Information Security Foundation] Contact

Kelley Misata kmisata at oisf.net
Tue May 3 10:55:46 UTC 2016


Moving this to our development community mailing list to answer.


---------- Forwarded message ----------
From: 'Sunari' via info <info at openinfosecfoundation.org>
Date: Tue, May 3, 2016 at 5:31 AM
Subject: [Open Information Security Foundation] Contact
To: info at oisf.net


*Name:* Sunari

*Email:* sunari1031 at gmail.com

*Comment:* Hello. I have a question about suricata.
I am with suricata 3.0.1, which is the newest version of suricata with elk
by using eve-log output.
I know eve-log output has payload, payload-printable, packet fields.
It is useful to me.
However, I noticed there's no hex for payload.
It only has base64 encoded payload and ascii payload.
Sometimes I need hex value when a packet detects with hex.
(for example, to detect skype packet, my suricata checks whether the packet
is "\x16\x03\x01\x00\x33". However, payload_printable shows only "....3".
I want to get "\x16\x03\x01\x00\x33" through eve-json file.)
Do you have some fields for hex or have a plan to develop this?

Thank you for reading my paper.
(I don't know where I can ask about suricata, so I wrote here.)

Time: May 3, 2016 at 9:31 am
IP Address: 61.255.140.82
Contact Form URL: https://oisf.net/contact/
Sent by an unverified visitor to your site.



-- 
*Kelley Misata*
*Executive Director*
*kmisata at oisf.net <kmisata at oisf.net>*
*twitter:@OISFoundation*
*www.oisf.net <http://www.oisf.net>*
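
The base64 `payload` field described in the forwarded message carries the raw bytes, so the hex form can be recovered downstream of Suricata. The following is an added example, not part of the original message and not Suricata code; the function names are hypothetical and the sample records are constructed.

```python
import base64
import json

# Constructed sample records (not real traffic). The alert payload is the five
# bytes quoted in the message followed by three filler bytes.
SAMPLE_EVE = [
    json.dumps({
        "event_type": "alert",
        "alert": {"signature": "constructed sample rule"},
        "payload": base64.b64encode(b"\x16\x03\x01\x00\x33\x01\x00\x00").decode(),
        "payload_printable": "....3...",
    }),
    json.dumps({"event_type": "flow"}),  # event without a payload field
    "{truncated line",                   # damaged log line
]


def to_hex_escapes(data: bytes) -> str:
    """Render bytes as \\xNN escapes, the notation used in the message."""
    return "".join(f"\\x{b:02x}" for b in data)


def decoded_payloads(eve_lines):
    """Yield (record, raw bytes) for every EVE line with a valid payload."""
    for line in eve_lines:
        try:
            rec = json.loads(line)
            raw = base64.b64decode(rec["payload"], validate=True)
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, no payload field, or invalid base64
        yield rec, raw


def hex_view(eve_lines, limit=64):
    """Return (event_type, hex string) pairs, truncated to `limit` bytes."""
    return [(rec.get("event_type"), to_hex_escapes(raw[:limit]))
            for rec, raw in decoded_payloads(eve_lines)]


def with_prefix(eve_lines, prefix: bytes):
    """Return the records whose decoded payload starts with `prefix`."""
    return [rec for rec, raw in decoded_payloads(eve_lines)
            if raw.startswith(prefix)]


if __name__ == "__main__":
    for event_type, hexed in hex_view(SAMPLE_EVE):
        print(event_type, hexed)
```
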