[Oisf-users] Packet payloads in syslogged alerts?
Victor Julien
lists at inliniac.net
Wed Dec 5 06:24:17 UTC 2012
On 12/04/2012 05:10 PM, Matt wrote:
> My SIEM guys want packet payloads included in the syslogged alerts. Is
> that possible? So far the only way I've found to get payloads is from
> the debug log.
Our alert syslog facility doesn't do that, it's more like a fast.log
over syslog.
I think the new barnyard2 1.11 supports something like this[1], although
I have no experience with this part of by2.
Cheers,
Victor
[1] https://github.com/firnsy/barnyard2/blob/master/src/output-plugins/spo_syslog_full.c
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------