[Oisf-users] Packet data in JSON
Michał Purzyński
michalpurzynski1 at gmail.com
Wed Dec 17 15:11:55 UTC 2014
Hey, starting from 2.1beta1 Suricata can output packet data, base64
encoded, in JSON. I decided to give it a try and am wondering: how do
I convert the data to pcap format?
I'm talking about
  - eve-log:
      enabled: yes
      type: file
      filename: eve.json
      types:
        - alert:
            payload: yes
            payload-printable: yes
            packet: yes           # <--- this is interesting.
        - http: yes
I.e. the field in JSON
"packet":"eP49SL<packet-data-here>TMfIgGpXxw=="}
I can decode it using base64 -D and get a binary file, but it lacks
pcap wrapping so I can't really open it with anything.
Any ideas where to go from here?
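One way to do the conversion asked about above, as an added example that is not from the original thread and not Suricata's own tooling: read eve.json line by line, keep only records that carry a `packet` field, base64-decode it, and wrap each frame in a classic pcap record (24-byte file header, 16-byte per-packet header). The sample EVE lines and the Ethernet/IPv4/TCP frame inside them are constructed here; the assumptions are that `packet` holds the whole frame from the link layer down, that the link type is Ethernet (DLT 1; change `DLT_EN10MB` for other captures) and that the `timestamp` field uses Suricata's `2014-12-17T15:11:55.123456+0000` format. The `packet_info.linktype` lookup is an optional field of later Suricata releases and is only used if present.

```python
import base64
import io
import json
import struct
from datetime import datetime

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap magic, written little-endian below
DLT_EN10MB = 1            # assumed link type: Ethernet

# Constructed sample: a hand-built 54-byte Ethernet/IPv4/TCP SYN frame (checksums
# zeroed). Not real traffic and not from the mailing-list post.
SAMPLE_FRAME = bytes.fromhex(
    "00112233445566778899aabb0800"              # Ethernet: dst MAC, src MAC, EtherType IPv4
    "4500002800010000400600000a0000010a000002"  # IPv4: total length 40, 10.0.0.1 -> 10.0.0.2
    "04d2005000000000000000005002200000000000"  # TCP: 1234 -> 80, SYN, window 8192
)

# Constructed EVE records: one alert carrying a packet, one http event without,
# and a blank line, which real eve.json files sometimes end with.
SAMPLE_EVE_LINES = [
    json.dumps({
        "timestamp": "2014-12-17T15:11:55.123456+0000",
        "event_type": "alert",
        "src_ip": "10.0.0.1", "dest_ip": "10.0.0.2",
        "alert": {"signature": "constructed test rule"},
        "packet": base64.b64encode(SAMPLE_FRAME).decode("ascii"),
    }),
    json.dumps({"timestamp": "2014-12-17T15:11:56.250000+0000", "event_type": "http"}),
    "",
]


def parse_eve_timestamp(ts):
    """Turn an EVE timestamp like 2014-12-17T15:11:55.123456+0000 into (sec, usec)."""
    try:
        dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    except (ValueError, TypeError):
        return 0, 0                      # unknown format: keep the packet, lose the time
    return int(dt.timestamp()), dt.microsecond


def eve_packets(lines):
    """Yield (sec, usec, frame_bytes) for every EVE record that has a packet field."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if "packet" not in event:
            continue                     # http, dns, ... events: nothing to recover
        sec, usec = parse_eve_timestamp(event.get("timestamp"))
        yield sec, usec, base64.b64decode(event["packet"])


def write_pcap(records, out, linktype=DLT_EN10MB):
    """Write a classic pcap (file header + one record per frame); return the packet count."""
    # magic, major, minor, thiszone, sigfigs, snaplen, network (link type)
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype))
    count = 0
    for sec, usec, frame in records:
        # ts_sec, ts_usec, incl_len, orig_len: the EVE field holds the full frame
        out.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
        out.write(frame)
        count += 1
    return count


def eve_to_pcap(lines, linktype=DLT_EN10MB):
    """Return the bytes of a pcap file holding every packet found in the EVE lines."""
    out = io.BytesIO()
    write_pcap(eve_packets(lines), out, linktype)
    return out.getvalue()


def read_pcap(data):
    """Parse a little-endian classic pcap back into [(sec, usec, frame), ...] to check the output."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    pos, packets = 24, []
    while pos < len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, pos)
        pos += 16
        packets.append((sec, usec, data[pos:pos + incl]))
        pos += incl
    return packets


if __name__ == "__main__":
    import sys
    # Usage: python eve2pcap.py eve.json out.pcap ; with no arguments, convert the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as src, open(sys.argv[2], "wb") as dst:
            print(write_pcap(eve_packets(src), dst), "packets written")
    else:
        pcap = eve_to_pcap(SAMPLE_EVE_LINES)
        print(len(pcap), "bytes;", read_pcap(pcap))
```

The output opens in Wireshark or tcpdump like any capture. Because a pcap file has a single link type, the script writes one file per run; if a sensor mixes interfaces with different link layers, the packets from each would need to be split into separate files. A `linktype` that does not match the frames does not make the file unreadable, but every dissector will decode garbage, so when in doubt check the first frame by hand (the sample above starts with two MAC addresses and EtherType 0x0800).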