[Oisf-users] question about alerts-debug schema
Andreas Herz
andi at geekosphere.org
Sat May 28 22:37:42 UTC 2016
On 23/05/16 at 17:29, Emanuel Alves wrote:
> Hi everyone,
>
> I have a question about the information dumped into alerts-debug.
>
> I'm testing Suricata with an HTTP rule within a network with GRE tunnels
> and sometimes I see the fields Payload, Payload len, Stream data, and
> Stream data len within the same alert.
Do you have that rule and a pcap so we can reproduce that?
> Is this a normal and expected behaviour?
Never seen it but I also never used GRE :)
> Thanks
> Emanuel
--
Andreas Herz