[Oisf-users] Question about filestore/MD5 based alerting

Adnan Baykal abaykal at gmail.com
Wed Mar 5 19:38:24 UTC 2014

When configuring suricata with the following options:

- file-store:
       enabled: yes       # set to yes to enable
       log-dir: files     # directory to store the files
       force-magic: yes   # force logging magic on all stored files
       force-md5: yes     # force logging of md5 checksums
       #waldo: file.waldo # waldo file to store the file_id across runs

 - file-log:
   enabled: yes
   filename: files-json.log
   append: no

files-json.log file contains an entry for each file downloaded instead of
only those files that are alerted on.

any one using suricata for md5 based alerting? if so, do you have any
recommendations on how to do this efficiently while keeping as much info as
possible on the alert?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140305/0a66ed15/attachment.html>

More information about the Oisf-users mailing list