[Oisf-users] Considering transitioning from Snort to Suricata questions

Jeff H jeff61225 at gmail.com
Mon Feb 8 20:32:18 UTC 2016

On Mon, Feb 8, 2016 at 11:45 AM, Brandon Lattin <latt0050 at umn.edu> wrote:

> You're probably looking for the 'types' stanza under the eve-logging
> (json) component:
>       types:
>         - alert:
>             # payload: yes           # enable dumping payload in Base64
>             # payload-printable: yes # enable dumping payload in printable
> (lossy) format
>             # packet: yes            # enable dumping of packet (without
> stream segments)
> Thanks Brandon, that does seem to be what I'm looking for. So when using
the type alert in eve-logging do all three of those default to yes? Are
individual pcap files created for each alert?

I can't find this text in any of the documentation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160208/9666ea25/attachment-0002.html>

More information about the Oisf-users mailing list