Documentation #6495
Updated by Juliana Fajardini Reichow 8 days ago
Our guide has a section on SMTP configuration (cf. https://docs.suricata.io/en/latest/configuration/suricata-yaml.html#smtp),
but nothing that adds more detail on the EVE output or format.
----
This is what we have in our yaml:
    - smtp:
        #extended: yes # enable this for extended logging information
        # this includes: bcc, message-id, subject, x_mailer, user-agent
        # custom fields logging from the list:
        #  reply-to, bcc, message-id, subject, x-mailer, user-agent, received,
        #  x-originating-ip, in-reply-to, references, importance, priority,
        #  sensitivity, organization, content-md5, date
        #custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
        # output md5 of fields: body, subject
        # for the body you need to set app-layer.protocols.smtp.mime.body-md5
        # to yes
        #md5: [body, subject]