[Oisf-users] parsing eve alert payload

Andreas Moe moe.andreas at gmail.com
Wed Apr 13 17:40:21 UTC 2016


Hi there. I'm looking a bit into parsing eve alert payload, to be able to
output the data to pcap format. I'm seeing that the payload data does not
contain any tcp/ip/eth headers, is there any way to alter this? And a
second question, anyone know of previous work done on handling the payload
data in eve alert logs?

/andreas
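
Added example, not part of the original post and not Suricata project code: one way to turn the header-less base64 `payload` of an EVE alert into a pcap file is to wrap it in synthetic Ethernet/IPv4/TCP headers built from the record's `src_ip`, `dest_ip`, `src_port` and `dest_port` fields. It assumes IPv4/TCP alerts only; the MAC addresses, sequence numbers and TCP flags are placeholders, and the function names and sample record are constructed for illustration.

```python
import base64, json, socket, struct
from datetime import datetime
def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def frame_from_alert(ev: dict) -> bytes:
    """Wrap the decoded payload in synthetic Ethernet/IPv4/TCP headers."""
    data = base64.b64decode(ev["payload"])
    src, dst = socket.inet_aton(ev["src_ip"]), socket.inet_aton(ev["dest_ip"])
    # seq/ack = 1 and flags PSH|ACK are placeholders: EVE does not record them.
    tcp = struct.pack("!HHIIBBHHH", ev["src_port"], ev["dest_port"],
                      1, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(data))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + data)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(data),
                     0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + data  # zeroed MACs, IPv4

def write_pcap(path: str, eve_lines) -> int:
    """Write one frame per IPv4/TCP alert with a payload; return the count."""
    written = 0
    with open(path, "wb") as f:
        # Global header: magic, version 2.4, zone, sigfigs, snaplen, Ethernet
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for line in eve_lines:
            ev = json.loads(line)
            if (ev.get("event_type") != "alert" or ev.get("proto") != "TCP"
                    or "payload" not in ev or ":" in ev.get("src_ip", ":")):
                continue  # anything that is not an IPv4/TCP alert is skipped
            ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
            frame = frame_from_alert(ev)
            f.write(struct.pack("<IIII", int(ts.timestamp()), ts.microsecond,
                                len(frame), len(frame)) + frame)
            written += 1
    return written
# Constructed sample record (documentation addresses), not real sensor output.
SAMPLE = json.dumps({
    "timestamp": "2016-04-13T17:40:21.000123+0000", "event_type": "alert",
    "proto": "TCP", "src_ip": "192.0.2.10", "src_port": 40000,
    "dest_ip": "198.51.100.5", "dest_port": 80,
    "payload": base64.b64encode(b"GET / HTTP/1.1\r\n\r\n").decode()})
```

Calling `write_pcap("alerts.pcap", open("eve.json"))` produces a capture that opens in standard pcap tools, with each alert payload as a single synthetic TCP segment.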