[Oisf-users] eve.json logging issues

erik clark philosnef at gmail.com
Thu Nov 17 18:30:36 UTC 2016


Thanks! That worked.

Is there a way to get the actual content of the signature into the alert?
So not just the payload, subject, flowdata and so forth, but the actual
signature itself, so someone can look at it in the alert to see why it may
have fired erroneously...

On Thu, Nov 17, 2016 at 1:10 PM, Jason Ish <lists at unx.ca> wrote:

> On Thu, Nov 17, 2016 at 11:35 AM, erik clark <philosnef at gmail.com> wrote:
> > I am getting the following event_types in my eve.json:
> >
> >
> > http
> > fileinfo
> >
> > I have
> >
> > http:
> >    enabled: no
>
> The eve-log types don't have an enabled field. To disable them just
> comment it out. In the default suricata.yaml "netflow" is commented
> out this way, eg:
>
>     #- netflow
>
> Hope that helps,
> Jason
>
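The fix Jason describes, shown as an added configuration example (not from the thread or from the Suricata project's own files): the eve-log `types` list from suricata.yaml with the ineffective `enabled: no` form kept as a comment beside the form that actually stops the `http` and `fileinfo` events. Key names follow the layout of the default suricata.yaml of the Suricata 3.x era and are assumed here, not copied from the posts.

```yaml
outputs:
  - eve-log:
      enabled: yes          # the eve-log output block itself does take "enabled"
      filetype: regular
      filename: eve.json
      types:
        - alert:
            payload: yes             # base64-encoded payload in the alert record
            payload-printable: yes   # printable form of the payload
            http: yes                # attach the matching http record to the alert
        # INEFFECTIVE (what the original poster had): individual eve-log types
        # have no "enabled" key, so the type stays active and "http" events
        # keep appearing in eve.json.
        #
        #   - http:
        #       enabled: no
        #
        # EFFECTIVE: disable a type by commenting its list entry out, the same
        # way the default file disables "netflow" below.
        #- http:
        #    extended: yes
        - dns
        - tls:
            extended: yes
        # The "files" type is what emits event_type "fileinfo"; comment it out
        # the same way to stop those events.
        #- files:
        #    force-magic: no
        - flow
        #- netflow
```

After editing, restart Suricata (or reload its configuration) and confirm with a quick look at new lines in eve.json that no `"event_type":"http"` or `"event_type":"fileinfo"` records are still being written.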