[Oisf-users] suri4 suricata.yaml

erik clark philosnef at gmail.com
Tue Jul 25 12:59:34 UTC 2017


Ok, so I am now running 4.0.0.3-rc2, and I have the following in my alert
section:

- alert:
  payload: yes
  payload-buffer-size: 1kb
  payload-printable: yes
  packet: yes
  http-body-printable: yes
  tagged-packets: yes


I do not see an http_body_printable in my eve.json, but am definitely
seeing traffic to the host of http type (I've got http text in
payload_printable). Please advise.



On Fri, Jun 30, 2017 at 9:00 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Fri, Jun 30, 2017 at 2:37 PM, erik clark <philosnef at gmail.com> wrote:
> > Is there a list of notable changes in suricata.yaml documented somewhere
> > so that we can try and merge our existing yaml file with the new changes? I
> > am unsure if there were stream changes or the like. Our goal is primarily to
> > get http-body-printable into our yaml, but if there are other key additions
> > we would like to know about those as well.
> >
>
> Most notable in terms of json/alerting would be (alongside http_body) -
> http://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html?highlight=metadata#alerts
>
>
>
> --
> Regards,
> Peter Manev
>
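As an added check (my own example, not code from this thread or from the Suricata project), a small script that audits an eve.json file for which of the alert-section fields actually appear on HTTP alerts, so a missing http_body_printable can be confirmed across the whole log rather than guessed from a few events. The sample lines are constructed; the field names (event_type, app_proto, payload_printable, http_body_printable) are those Suricata uses in EVE alert records.

```python
import json
from collections import Counter

# Constructed sample eve.json lines (not real captured output): two HTTP alerts,
# only one of which carries http_body_printable, one TLS alert and a flow record.
SAMPLE_EVE = """\
{"event_type":"alert","app_proto":"http","payload_printable":"GET / HTTP/1.1\\r\\nHost: example.test\\r\\n\\r\\n","http":{"hostname":"example.test","url":"/"}}
{"event_type":"alert","app_proto":"http","payload_printable":"POST /login HTTP/1.1\\r\\n","http_body_printable":"user=a&pass=b","http":{"hostname":"example.test","url":"/login"}}
{"event_type":"alert","app_proto":"tls","payload_printable":"....."}
{"event_type":"flow","app_proto":"http"}
"""

# EVE keys produced by the payload/packet/http-body options in the alert section.
ALERT_FIELDS = ("payload", "payload_printable", "packet", "http_body", "http_body_printable")


def audit_alert_fields(eve_text):
    """Count alert records, HTTP alerts, and how many HTTP alerts carry each
    payload/body field. Malformed lines are counted instead of aborting the run."""
    counts = Counter()
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            counts["malformed_lines"] += 1
            continue
        if rec.get("event_type") != "alert":
            continue
        counts["alerts"] += 1
        if rec.get("app_proto") != "http":
            continue
        counts["http_alerts"] += 1
        for field in ALERT_FIELDS:
            if field in rec:
                counts[field] += 1
    return dict(counts)


if __name__ == "__main__":
    # Replace SAMPLE_EVE with open("/var/log/suricata/eve.json").read() on a real box.
    for key, value in sorted(audit_alert_fields(SAMPLE_EVE).items()):
        print(f"{key}: {value}")
```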

