[Oisf-users] SMTP email body

Sergey Malinkin malinkinsa at gmail.com
Tue Apr 11 10:48:56 UTC 2017


So, i found my mistake and now all work fine.
Thanks.

2017-04-08 23:36 GMT+03:00 Andreas Herz <andi at geekosphere.org>:

> On 05/04/17 at 13:48, Sergey Malinkin wrote:
> > Hello,
> > I have a this trouble too.
> > Can you resolved it?
>
> I would suggest to you both to try to reproduce it with a pcap that you
> can share with us so we can debug it. Thanks!
>
> > My conf:
> > - eve-log:
> >       enabled: yes
> >       filetype: regular
> >       filename: smtp.json
> >       types:
> >         - smtp:
> >             extended: yes # enable this for extended logging information
> >             custom: [received, x-originating-ip, relays, reply-to, bcc,
> > subject, body, user-agent]
> >             md5: [body, subject]
> >
> >
> > 2017-04-01 22:56 GMT+03:00 Andreas Herz <andi at geekosphere.org>:
> >
> > > On 21/03/17 at 13:21, JoaquĆ­n Silva wrote:
> > > > But i'm not receiving any body. This is an smtp output example:
> > > >
> > > > What I'm doing wrong?
> > > > My suricata version is 3.2.1
> > >
> > > How do you run suricata?
> > >
> > > Can you share a pcap file so we can test wit that as well?
> > >
> > > --
> > > Andreas Herz
> > > _______________________________________________
> > > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > > Site: http://suricata-ids.org | Support: http://suricata-ids.org/
> support/
> > > List: https://lists.openinfosecfoundation.org/
> mailman/listinfo/oisf-users
> > >
>
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/
> support/
> > List: https://lists.openinfosecfoundation.org/
> mailman/listinfo/oisf-users
>
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170411/c9f597b4/attachment-0002.html>


More information about the Oisf-users mailing list