[Oisf-users] suri4 suricata.yaml

erik clark philosnef at gmail.com
Tue Jul 25 12:59:34 UTC 2017

Ok, so I am now running, and I have the following in my alert

- alert:
  payload: yes
  payload-buffer-size: 1kb
  payload-printable: yes
  packet: yes
  http-body-printable: yes
  tagged-packets: yes

I do not see an http_body_printable in my eve.json, but am definitely
seeing traffic to the host of http type (ive got http text in
payload_printable. Please advise.

On Fri, Jun 30, 2017 at 9:00 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Fri, Jun 30, 2017 at 2:37 PM, erik clark <philosnef at gmail.com> wrote:
> > Are there a list of notable changes in suricata.yaml documented
> somewhere so
> > that we can try and merge our existing yaml file with the new changes? I
> am
> > unsure if there were stream changes or the like. Our goal is primarily to
> > get http-body-printable into our yaml, but if there are other key
> additions
> > we would like to know about those as well.
> >
> Most notable in terms of json/alerting would be (alongside http_body) -
> http://suricata.readthedocs.io/en/latest/output/eve/eve-
> json-output.html?highlight=metadata#alerts
> --
> Regards,
> Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170725/a39593be/attachment.html>

More information about the Oisf-users mailing list