[Oisf-users] Stream data in alert-debug.log?
Victor Julien
lists at inliniac.net
Tue Apr 9 16:23:11 UTC 2013
On 04/09/2013 05:16 PM, Matt wrote:
> I've noticed that some of my debug alerts have stream data, and some
> don't. What triggers that? If it isn't deterministic, how can I
> maximize the chances of getting stream data? I'm guessing the stream
> data just gets written if it happens to be there in memory. Maybe
> increase the size of the stream memcap? Or raise max-sessions for it?
The stream data is added to the alert-debug log if the match was in the
stream data.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list