[Oisf-users] Dump gzipped content
Davide Setti
d.setti at certego.net
Wed Oct 24 13:17:03 UTC 2018
Thank you Peter,
I missed that line.
Also found this
https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L147 . Both
should work in the same way, is this right?
Thanks,
Davide
Il giorno mer 24 ott 2018 alle ore 15:03 Peter Manev <petermanev at gmail.com>
ha scritto:
>
>
> On Wed, Oct 24, 2018 at 2:41 PM Davide Setti <d.setti at certego.net> wrote:
>
>> Maybe I should also tell that I can not enable Full Packet Capture.
>>
>> Was just wondering if it is possible to log che content of internal
>> buffers used by sucircata (which should be able to decode the gzipped
>> content and analyze it).
>>
>>
> You mean - like dump it on disk/log? (not just the one from the alerts ?)
> I haven't tried this in a while but maybe it is what you need -
> https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L552 ?
>
>
>> Thanks,
>> Davide
>> Il giorno mer 24 ott 2018 alle ore 14:30 Kevin Geil <
>> info at friendandfamilytech.com> ha scritto:
>>
>>> If you have full packet captures, you can filter out the traffic you
>>> need, then "follow tcp stream" in Wireshark. You can try this with a single
>>> packet, but it might not be enough data.
>>>
>>> Kevin
>>>
>>
>>
>> --
>> <http://www.certego.net/>
>> Davide Setti
>> R&D and Incident Response Team, Certego
>> <http://www.linkedin.com/company/certego>
>> <http://twitter.com/Certego_IRT> <http://github.com/certego>
>> <http://www.youtube.com/CERTEGOsrl>
>> <http://plus.google.com/117641917176532015312>
>> Use of the information within this document constitutes acceptance for
>> use in an "as is" condition. There are no warranties with regard to this
>> information; Certego has verified the data as thoroughly as possible. Any
>> use of this information lies within the user's responsibility. In no event
>> shall Certego be liable for any consequences or damages, including direct,
>> indirect, incidental, consequential, loss of business profits or special
>> damages, arising out of or in connection with the use or spread of this
>> information.
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
>
>
>
> --
> Regards,
> Peter Manev
>
--
<http://www.certego.net/>
Davide Setti
R&D and Incident Response Team, Certego
<http://www.linkedin.com/company/certego> <http://twitter.com/Certego_IRT>
<http://github.com/certego> <http://www.youtube.com/CERTEGOsrl>
<http://plus.google.com/117641917176532015312>
Use of the information within this document constitutes acceptance for use
in an "as is" condition. There are no warranties with regard to this
information; Certego has verified the data as thoroughly as possible. Any
use of this information lies within the user's responsibility. In no event
shall Certego be liable for any consequences or damages, including direct,
indirect, incidental, consequential, loss of business profits or special
damages, arising out of or in connection with the use or spread of this
information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181024/b6059294/attachment.html>
More information about the Oisf-users
mailing list