[Oisf-users] suri4 suricata.yaml

erik clark philosnef at gmail.com
Tue Jul 25 13:31:27 UTC 2017


Never mind. I see it's now http_response_body_printable and
http_request_body_printable. All good. Thank you!

On Tue, Jul 25, 2017 at 8:59 AM, erik clark <philosnef at gmail.com> wrote:

> Ok, so I am now running 4.0.0.3-rc2, and I have the following in my alert
> section:
>
> - alert:
>   payload: yes
>   payload-buffer-size: 1kb
>   payload-printable: yes
>   packet: yes
>   http-body-printable: yes
>   tagged-packets: yes
>
>
> I do not see an http_body_printable in my eve.json, but am definitely
> seeing traffic to the host of http type (I've got http text in
> payload_printable). Please advise.
>
>
>
> On Fri, Jun 30, 2017 at 9:00 AM, Peter Manev <petermanev at gmail.com> wrote:
>
>> On Fri, Jun 30, 2017 at 2:37 PM, erik clark <philosnef at gmail.com> wrote:
>> > Is there a list of notable changes in suricata.yaml documented somewhere so
>> > that we can try and merge our existing yaml file with the new changes? I am
>> > unsure if there were stream changes or the like. Our goal is primarily to
>> > get http-body-printable into our yaml, but if there are other key additions
>> > we would like to know about those as well.
>> >
>>
>> Most notable in terms of json/alerting would be (alongside http_body) -
>> http://suricata.readthedocs.io/en/latest/output/eve/eve-json
>> -output.html?highlight=metadata#alerts
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>>
>
>
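The thread turns on a simple question: once `http-body-printable: yes` is set in the alert section, do the alert records in eve.json actually carry the `http_request_body_printable` and `http_response_body_printable` fields? The following is an added example, not code from the thread or from the Suricata project, that audits a batch of eve.json lines for exactly that. The sample events are constructed here, and it is an assumption of the example that the two body fields sit at the top level of the alert record next to `payload_printable`, as the poster's final message implies.

```python
import json

# Field names the poster found in his eve.json once http-body-printable was on.
BODY_FIELDS = ("http_request_body_printable", "http_response_body_printable")

# Constructed sample eve.json lines (not taken from the thread). Placement of
# the body fields at the top level of the alert record is an assumption.
SAMPLE_EVE_LINES = [
    json.dumps({
        "timestamp": "2017-07-25T13:00:00.000000+0000",
        "event_type": "alert", "app_proto": "http",
        "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9", "proto": "TCP",
        "alert": {"signature_id": 1000001, "signature": "TEST HTTP alert"},
        "payload_printable": "GET / HTTP/1.1\r\nHost: example\r\n\r\n",
        "http_request_body_printable": "",
        "http_response_body_printable": "<html>hello</html>",
    }),
    json.dumps({
        "timestamp": "2017-07-25T13:00:01.000000+0000",
        "event_type": "alert", "app_proto": "http",
        "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9", "proto": "TCP",
        "alert": {"signature_id": 1000002, "signature": "TEST HTTP alert 2"},
        "payload_printable": "POST /x HTTP/1.1\r\nHost: example\r\n\r\n",
    }),
    json.dumps({
        "timestamp": "2017-07-25T13:00:02.000000+0000",
        "event_type": "alert", "app_proto": "tls",
        "src_ip": "10.0.0.5", "dest_ip": "10.0.0.10", "proto": "TCP",
        "alert": {"signature_id": 1000003, "signature": "TEST TLS alert"},
    }),
    json.dumps({
        "timestamp": "2017-07-25T13:00:03.000000+0000",
        "event_type": "http", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",
        "http": {"hostname": "example", "url": "/"},
    }),
    "{not valid json",
]


def audit_alert_body_fields(lines):
    """Check which HTTP alert records carry the printable body fields.

    Returns a summary dict:
      http_alerts      - alert events whose app_proto is http
      with_body        - those that have both body fields present
      missing_body     - signature_ids of HTTP alerts lacking a body field
      non_http_alerts  - alert events on other application protocols
      skipped          - lines that were not valid JSON
    """
    summary = {
        "http_alerts": 0,
        "with_body": 0,
        "missing_body": [],
        "non_http_alerts": 0,
        "skipped": 0,
    }
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # eve.json lines can be truncated by rotation; count and move on.
            summary["skipped"] += 1
            continue
        if event.get("event_type") != "alert":
            continue
        if event.get("app_proto") != "http":
            summary["non_http_alerts"] += 1
            continue
        summary["http_alerts"] += 1
        if all(field in event for field in BODY_FIELDS):
            summary["with_body"] += 1
        else:
            sid = event.get("alert", {}).get("signature_id")
            summary["missing_body"].append(sid)
    return summary


def body_fields_configured(summary):
    """True when every HTTP alert seen carried both body fields.

    A False result on a batch that has HTTP alerts is the symptom the poster
    described: HTTP payload in payload_printable but no body fields, which
    points at the yaml key not being applied (wrong key name or section).
    """
    return summary["http_alerts"] > 0 and not summary["missing_body"]


if __name__ == "__main__":
    result = audit_alert_body_fields(SAMPLE_EVE_LINES)
    print(json.dumps(result, indent=2))
    print("body fields present on all HTTP alerts:", body_fields_configured(result))
```

Run it against a real file with `audit_alert_body_fields(open("/var/log/suricata/eve.json"))`; the `missing_body` list tells you which signatures fired on HTTP flows without the body fields, which is the quickest way to confirm whether the `http-body-printable` setting took effect after a config merge.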