[Oisf-users] extended logging of alerts?

Victor Julien lists at inliniac.net
Wed Feb 3 15:57:51 UTC 2016

On 03-02-16 02:05, Ted Timmons wrote:
> I'm logging alerts to eve-log. I'd like to get extended information
> (such as tls.fingerprint or dns.rrname) in an alert entry. It seems they
> don't show up unless I log all DNS or TLS traffic.

Can you share the eve-log section of your yaml?

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list