Project

General

Profile

Actions
Copy link

Feature #2233

closed

Allow log for payload and packet only for defined sid

Added by Suk Jeong Lee about 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Hello team,

Suricata config file having a feature for logging for all payload and packet, but does not have a feature for only defined sids.

  1. payload: yes # enable dumping payload in Base64
  2. payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
  3. payload-printable: yes # enable dumping payload in printable (lossy) format
  4. packet: yes # enable dumping of packet (without stream segments)

Can we have a feature logging payload and packet only defined sids?

Thanks,

Actions
Copy link

Also available in: Atom PDF