[Oisf-users] question about alerts-debug schema

Emanuel Alves emanuel.alves.work at gmail.com
Mon May 23 16:29:23 UTC 2016

Hi everyone,

I have a question about the information dumped into alerts-debug.

I'm testing the Suricata with a HTTP rule within a Network with GRE tunnels
and sometimes I see the fields Payload, Payload len, Stream data, and
Stream data len within the same alert.
Is this a normal and expected behaviour?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160523/b908abaf/attachment.html>

More information about the Oisf-users mailing list