[Oisf-users] Log packets BEFORE a triggered packet.

Jason Ish lists at unx.ca
Wed Mar 1 20:29:59 UTC 2017


On Wed, Mar 1, 2017 at 11:28 AM, erik clark <philosnef at gmail.com> wrote:

> Ok, so... On the same thinking as Oleg, do tagged packets go into the
> packet field in eve.json?
>

Yes they do. Make sure you have "tagged-packets: yes" in your
suricata.yaml under eve-log.types.alert. Tagged packets get their own
event record (event_type:packet) with the packet logged the same way as in
the alert.

Jason
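As an added illustration of Jason's answer (not code from this thread or from the Suricata project), the Python below shows how a consumer of eve.json would pick up tagged packets: with "tagged-packets: yes" under eve-log.types.alert, each tagged packet is its own event_type "packet" record carrying a base64 "packet" field plus "packet_info.linktype", the same encoding the alert record uses for its own "packet" field. The script builds a few constructed records (an alert and two tagged packets on the same flow_id), decodes the base64 frames, and groups the packets with the alert that tagged them. The field names flow_id, packet and packet_info are assumed to match what EVE emits; the frames and rule id are hand-built sample data, not real captures.

```python
"""Group Suricata EVE event_type "packet" records (tagged packets) with the
alert on the same flow, using constructed eve.json lines.

Assumes: tagged-packets: yes under outputs -> eve-log -> types -> alert, so
every tagged packet is logged as its own record with event_type "packet",
a base64 "packet" field and "packet_info": {"linktype": 1} (Ethernet).
"""
import base64
import json
import socket
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1  # DLT_EN10MB, what packet_info.linktype reports for Ethernet


def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (zero checksums) for sample data."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    tcp += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def make_sample_lines():
    """Constructed eve.json lines: one alert, then two tagged packets on the same flow."""
    b64 = lambda frame: base64.b64encode(frame).decode()
    common = {"timestamp": "2017-03-01T11:28:00.000000+0000", "flow_id": 1001,
              "proto": "TCP"}
    alert = dict(common, event_type="alert",
                 src_ip="10.0.0.5", dest_ip="192.0.2.10", src_port=44123, dest_port=80,
                 alert={"action": "allowed", "signature_id": 9000001,
                        "signature": "CONSTRUCTED example rule with tag", "severity": 3},
                 packet=b64(build_frame("10.0.0.5", "192.0.2.10", 44123, 80,
                                        b"GET / HTTP/1.0\r\n")),
                 packet_info={"linktype": LINKTYPE_ETHERNET})
    tagged = [
        dict(common, event_type="packet",
             packet=b64(build_frame("192.0.2.10", "10.0.0.5", 80, 44123, b"HTTP/1.0 200 OK\r\n")),
             packet_info={"linktype": LINKTYPE_ETHERNET}),
        dict(common, event_type="packet",
             packet=b64(build_frame("10.0.0.5", "192.0.2.10", 44123, 80, b"quit")),
             packet_info={"linktype": LINKTYPE_ETHERNET}),
    ]
    return [json.dumps(rec) for rec in [alert] + tagged]


def decode_packet(record):
    """Decode the base64 "packet" field and return the IPv4/TCP 5-tuple plus payload length."""
    if record.get("packet_info", {}).get("linktype") != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled in this example")
    raw = base64.b64decode(record["packet"])
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != 0x0800:
        return {"ethertype": ethertype}
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4
    info = {"src_ip": socket.inet_ntoa(ip[12:16]), "dest_ip": socket.inet_ntoa(ip[16:20]),
            "proto": ip[9]}
    l4 = ip[ihl:]
    if info["proto"] == 6 and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        doff = (l4[12] >> 4) * 4
        info.update(src_port=sport, dest_port=dport, payload_len=len(l4) - doff)
    return info


def group_by_flow(lines):
    """Map flow_id -> {"alerts": [signature ids], "packets": [decoded tagged packets]}."""
    flows = defaultdict(lambda: {"alerts": [], "packets": []})
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") == "alert":
            flows[rec["flow_id"]]["alerts"].append(rec["alert"]["signature_id"])
        elif rec.get("event_type") == "packet":
            flows[rec["flow_id"]]["packets"].append(decode_packet(rec))
    return dict(flows)


def count_event_types(lines):
    """Quick sanity check that packet records are actually present in the log."""
    counts = defaultdict(int)
    for line in lines:
        counts[json.loads(line).get("event_type", "?")] += 1
    return dict(counts)


if __name__ == "__main__":
    sample = make_sample_lines()
    print(count_event_types(sample))
    for flow_id, data in group_by_flow(sample).items():
        print(flow_id, data["alerts"], [p.get("payload_len") for p in data["packets"]])
```

If count_event_types shows no "packet" entries on a real eve.json, the tagged-packets option is the first thing to verify; the decoder above only handles Ethernet/IPv4/TCP, so other link types or protocols need extra branches.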

