[Oisf-users] question about alerts-debug schema
Emanuel Alves
emanuel.alves.work at gmail.com
Mon May 23 16:29:23 UTC 2016
Hi everyone,
I have a question about the information dumped into alerts-debug.
I'm testing Suricata with an HTTP rule within a network with GRE tunnels
and sometimes I see the fields Payload, Payload len, Stream data, and
Stream data len within the same alert.
Is this a normal and expected behaviour?
Thanks
Emanuel