[Oisf-users] Logging Full Rule When Event Occurs
Victor Julien
lists at inliniac.net
Tue Feb 6 19:38:01 UTC 2018
On 06-02-18 20:36, John Peters wrote:
> Had an interesting question come up during a recent conversation: Is it
> possible to have the full rule written to eve.json with the
> corresponding event when it triggers? The reasoning is it would be
> easier to see the actual rule when searched for in a log aggregator than
> have to sift through what's active in /rules. If it is an option or
> possible, what's the best route to get it to happen?
https://redmine.openinfosecfoundation.org/issues/2020#change-9429
Coming to 4.1.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------