[Oisf-users] extended logging of alerts?
Victor Julien
lists at inliniac.net
Wed Feb 3 15:57:51 UTC 2016
On 03-02-16 02:05, Ted Timmons wrote:
> I'm logging alerts to eve-log. I'd like to get extended information
> (such as tls.fingerprint or dns.rrname) in an alert entry. It seems they
> don't show up unless I log all DNS or TLS traffic.
Can you share the eve-log section of your yaml?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------