Documentation #6495
Updated by Juliana Fajardini Reichow about 2 months ago
Our guide has a section for SMTP for configuration (cf https://docs.suricata.io/en/latest/configuration/suricata-yaml.html#smtp), but nothing to add more details on EVE output or format.

----

This is what we have in our yaml:

    - smtp:
        #extended: yes # enable this for extended logging information
        # this includes: bcc, message-id, subject, x_mailer, user-agent
        # custom fields logging from the list:
        # reply-to, bcc, message-id, subject, x-mailer, user-agent, received,
        # x-originating-ip, in-reply-to, references, importance, priority,
        # sensitivity, organization, content-md5, date
        #custom: [received, x-mailer, x-originating-ip, relays, reply-to, bcc]
        # output md5 of fields: body, subject
        # for the body you need to set app-layer.protocols.smtp.mime.body-md5
        # to yes
        #md5: [body, subject]