[Oisf-users] Considering transitioning from Snort to Suricata questions
Jeff H
jeff61225 at gmail.com
Mon Feb 8 20:32:18 UTC 2016
On Mon, Feb 8, 2016 at 11:45 AM, Brandon Lattin <latt0050 at umn.edu> wrote:
> You're probably looking for the 'types' stanza under the eve-logging
> (json) component:
>
> types:
>   - alert:
>       # payload: yes             # enable dumping payload in Base64
>       # payload-printable: yes   # enable dumping payload in printable (lossy) format
>       # packet: yes              # enable dumping of packet (without stream segments)
>
Thanks Brandon, that does seem to be what I'm looking for. So when using the type alert in eve-logging do all three of those default to yes? Are individual pcap files created for each alert?
I can't find this text in any of the documentation.
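The stanza quoted above controls what the eve-log alert record carries: with `payload`, `payload-printable` and `packet` enabled, the bytes are embedded in the JSON record itself (fields `payload`, `payload_printable` and `packet`, base64-encoded, plus `packet_info.linktype`), not written out as a separate per-alert pcap. The following is an added example, not code from this thread or from the Suricata project: it parses eve.json alert lines, decodes those fields, and packs the embedded packets into a classic pcap file so they can be opened in a packet analyser. The alert record and the 60-byte Ethernet/IPv4/TCP frame inside it are constructed for the example, and the field names follow Suricata's EVE alert output as the author of this example knows it.

```python
import base64
import json
import struct
from datetime import datetime

# Constructed 60-byte Ethernet/IPv4/TCP frame carrying "GET / " (not a real capture;
# IP and TCP checksums are left as zero because nothing here validates them).
SAMPLE_PACKET = bytes.fromhex(
    "ffffffffffff" "000000000001" "0800"                    # Ethernet: dst, src, ethertype IPv4
    "4500002e00010000" "40060000" "c0a80001" "c0a80002"     # IPv4: 192.168.0.1 -> 192.168.0.2, TCP
    "c0000050" "00000001" "00000000" "5018ffff" "00000000"  # TCP: 49152 -> 80, PSH|ACK
    "474554202f20"                                          # payload: "GET / "
)
PAYLOAD_OFFSET = 14 + 20 + 20  # Ethernet + IPv4 + TCP header lengths

# Constructed eve.json alert record, shaped like Suricata's output when the three
# options in the eve-log alert type are enabled (signature and sid are made up).
SAMPLE_RECORD = {
    "timestamp": "2016-02-08T20:32:18.000000+0000",
    "event_type": "alert",
    "src_ip": "192.168.0.1", "src_port": 49152,
    "dest_ip": "192.168.0.2", "dest_port": 80, "proto": "TCP",
    "alert": {"signature_id": 1000001, "rev": 1,
              "signature": "CONSTRUCTED example rule", "severity": 3},
    "payload": base64.b64encode(SAMPLE_PACKET[PAYLOAD_OFFSET:]).decode(),
    "payload_printable": SAMPLE_PACKET[PAYLOAD_OFFSET:].decode("ascii", errors="replace"),
    "packet": base64.b64encode(SAMPLE_PACKET).decode(),
    "packet_info": {"linktype": 1},  # 1 = DLT_EN10MB (Ethernet)
}
SAMPLE_EVE_LINE = json.dumps(SAMPLE_RECORD)


def eve_timestamp_to_epoch(ts):
    """Convert an EVE timestamp such as 2016-02-08T20:32:18.000000+0000 to (sec, usec)."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.timestamp()), dt.microsecond


def decode_alert(line):
    """Parse one eve.json line; return decoded payload/packet bytes, or None if not an alert."""
    rec = json.loads(line)
    if rec.get("event_type") != "alert":
        return None
    return {
        "signature": rec["alert"]["signature"],
        "ts": eve_timestamp_to_epoch(rec["timestamp"]),
        # Fields are only present when the matching option is enabled in eve-log.
        "payload": base64.b64decode(rec["payload"]) if "payload" in rec else None,
        "printable": rec.get("payload_printable"),
        "packet": base64.b64decode(rec["packet"]) if "packet" in rec else None,
        "linktype": rec.get("packet_info", {}).get("linktype", 1),
    }


def pcap_bytes(frames, linktype=1):
    """Build a classic pcap file (magic 0xa1b2c3d4, version 2.4) in memory from raw frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    body = b""
    for ts_sec, ts_usec, frame in frames:
        body += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return header + body


def eve_alerts_to_pcap(lines):
    """Collect the embedded packet of every alert line into one pcap; None if there were none."""
    frames, linktype = [], 1
    for line in lines:
        rec = decode_alert(line)
        if rec is None or rec["packet"] is None:
            continue  # non-alert event types, or alerts logged without packet: yes
        linktype = rec["linktype"]
        frames.append((rec["ts"][0], rec["ts"][1], rec["packet"]))
    return pcap_bytes(frames, linktype) if frames else None


if __name__ == "__main__":
    data = eve_alerts_to_pcap([SAMPLE_EVE_LINE])
    with open("eve-alerts.pcap", "wb") as fh:
        fh.write(data)
    print("wrote", len(data), "bytes;", decode_alert(SAMPLE_EVE_LINE)["printable"])
```

Run against a real file with `eve_alerts_to_pcap(open("/var/log/suricata/eve.json"))`; lines whose `event_type` is not `alert`, and alerts logged before `packet: yes` was switched on, are skipped rather than failing the whole conversion.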