Project

General

Profile

Actions
Copy link

Documentation #6495

open

userguide: add section on SMTP event type

Added by Juliana Fajardini Reichow over 1 year ago. Updated 8 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
8.0.0
Affected Versions:
Effort:
Difficulty:
Label:

Description

Our guide has a section for SMTP for configuration (cf https://docs.suricata.io/en/latest/configuration/suricata-yaml.html#smtp),
but nothing to add more details on EVE output or format.
----
This is what we have in our yaml:

- smtp:
            #extended: yes # enable this for extended logging information
    # this includes: bcc, message-id, subject, x_mailer, user-agent
    # custom fields logging from the list:
    #  reply-to, bcc, message-id, subject, x-mailer, user-agent, received,
    #  x-originating-ip, in-reply-to, references, importance, priority,
    #  sensitivity, organization, content-md5, date
            #custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
    # output md5 of fields: body, subject
    # for the body you need to set app-layer.protocols.smtp.mime.body-md5
    # to yes
            #md5: [body, subject]
Actions
Copy link
 #1

Updated by Victor Julien 6 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link
 #2

Updated by Victor Julien 21 days ago

  • Target version changed from 8.0.0-rc1 to 8.0.0
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 8 days ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 8 days ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF