[Oisf-users] Considering transitioning from Snort to Suricata questions
Brandon Lattin
latt0050 at umn.edu
Mon Feb 8 21:02:06 UTC 2016
They're off by default (if I remember correctly). There are no true pcap
files, just the packet contents represented in whatever format you select
in the json blob.
On Mon, Feb 8, 2016 at 2:32 PM, Jeff H <jeff61225 at gmail.com> wrote:
> On Mon, Feb 8, 2016 at 11:45 AM, Brandon Lattin <latt0050 at umn.edu> wrote:
>
>> You're probably looking for the 'types' stanza under the eve-logging
>> (json) component:
>>
>>   types:
>>     - alert:
>>         # payload: yes            # enable dumping payload in Base64
>>         # payload-printable: yes  # enable dumping payload in printable (lossy) format
>>         # packet: yes             # enable dumping of packet (without stream segments)
>>
> Thanks Brandon, that does seem to be what I'm looking for. So when using
> the type alert in eve-logging do all three of those default to yes? Are
> individual pcap files created for each alert?
>
> I can't find this text in any of the documentation.
>
--
Brandon Lattin
Security Analyst
University of Minnesota - University Information Security
Office: 612-626-6672
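The answer above (no per-alert pcap files, only packet contents inside the JSON) leaves the obvious follow-up: how to get a pcap back out of eve.json when `packet: yes` is enabled. The script below is an added example, not code from Suricata or from anyone in this thread. It assumes the EVE alert field layout as documented for Suricata's JSON output: the raw packet base64-encoded in "packet", its link type in "packet_info.linktype" (falling back to Ethernet when that sub-object is absent), the application payload base64-encoded in "payload", and "timestamp" in the form 2016-02-08T15:32:10.123456-0600. The eve.json records it processes are constructed in the script; the "flow" record shows that non-alert events are skipped.

```python
import base64
import json
import struct
from datetime import datetime

# Added example (not Suricata's own code): rebuild a pcap from eve.json alert
# records, since Suricata writes no per-alert pcap files when `packet: yes` is set.
# Assumed field layout, as documented for Suricata's EVE alert output:
#   "packet"               -> base64 of the raw packet
#   "packet_info.linktype" -> DLT link type of that packet
#   "payload"              -> base64 of the application-layer payload
#   "timestamp"            -> e.g. "2016-02-08T15:32:10.123456-0600"

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
DLT_EN10MB = 1                # Ethernet; assumed default when packet_info is absent


def parse_eve_timestamp(ts):
    """Return (seconds, microseconds) since the epoch for an EVE timestamp."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.timestamp()), dt.microsecond


def alert_packets(eve_lines):
    """Yield (sec, usec, linktype, raw_packet) for every alert that carries a packet."""
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert" or "packet" not in rec:
            continue  # flow/http/... records, or alerts logged without packet: yes
        linktype = rec.get("packet_info", {}).get("linktype", DLT_EN10MB)
        sec, usec = parse_eve_timestamp(rec["timestamp"])
        yield sec, usec, linktype, base64.b64decode(rec["packet"])


def eve_alerts_to_pcap(eve_lines, snaplen=65535):
    """Build one pcap file (as bytes) from the alert records in an eve.json stream.

    A pcap has a single link type in its global header, so mixed link types are
    refused instead of silently producing a file that Wireshark would misdecode.
    """
    body = bytearray()
    linktype = None
    for sec, usec, lt, raw in alert_packets(eve_lines):
        if linktype is None:
            linktype = lt
        elif lt != linktype:
            raise ValueError("mixed link types %r and %r; write one pcap per type" % (linktype, lt))
        body += struct.pack("<IIII", sec, usec, len(raw), len(raw))  # per-packet record header
        body += raw
    if linktype is None:
        raise ValueError("no alert records with a 'packet' field found")
    header = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)
    return bytes(header + body)


def read_pcap(data):
    """Minimal pcap reader to check the round trip; returns (linktype, [(sec, usec, raw), ...])."""
    magic, _major, _minor, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC_USEC:
        raise ValueError("not a microsecond pcap in native byte order")
    pkts, off = [], 24
    while off < len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        pkts.append((sec, usec, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return linktype, pkts


def decode_payload(rec):
    """Return the raw application payload of an alert logged with payload: yes, else None."""
    return base64.b64decode(rec["payload"]) if "payload" in rec else None


# --- constructed sample input: one Ethernet/IPv4/UDP packet, logged once as an alert ---
def _sample_packet(payload):
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0x1234, 0,
                     64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # checksum left 0
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return eth + ip + udp + payload


SAMPLE_PAYLOAD = b"constructed query bytes"
SAMPLE_PACKET = _sample_packet(SAMPLE_PAYLOAD)
SAMPLE_FLOW = {"timestamp": "2016-02-08T15:32:10.123456-0600", "event_type": "flow",
               "src_ip": "10.0.0.1", "dest_ip": "10.0.0.2"}
SAMPLE_ALERT = {"timestamp": "2016-02-08T15:32:10.123456-0600", "event_type": "alert",
                "src_ip": "10.0.0.1", "dest_ip": "10.0.0.2", "proto": "UDP",
                "alert": {"signature": "constructed test rule"},
                "payload": base64.b64encode(SAMPLE_PAYLOAD).decode(),
                "packet": base64.b64encode(SAMPLE_PACKET).decode(),
                "packet_info": {"linktype": DLT_EN10MB}}
SAMPLE_EVE_LINES = [json.dumps(SAMPLE_FLOW), json.dumps(SAMPLE_ALERT)]

if __name__ == "__main__":
    with open("alerts.pcap", "wb") as fh:
        fh.write(eve_alerts_to_pcap(SAMPLE_EVE_LINES))
```

On a real sensor you would feed it `open("/var/log/suricata/eve.json")` instead of SAMPLE_EVE_LINES; note that with `packet: yes` you get only the packet that fired the rule, not the stream segments, so the resulting pcap is a set of single triggering packets rather than full sessions.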