
Feature #1208

closed

JSON Output Enhancement - Include Payload(s)

Added by Eoin Miller over 10 years ago. Updated about 10 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Please update the JSON output so that packet payload and all other unified2 fields are capable of being output. Also, it would be super awesome if Suricata was able to directly connect to Elasticsearch and POST the JSON directly in as new documents in the cluster. This would completely remove the need for unified2 and barnyard2 and allow people to use things like Kibana to go through all their alerting data.
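As an added illustration of the two parts of this request (payload carried inside the JSON alert, and alerts pushed into Elasticsearch as documents), the script below is example code written for this page, not code from the ticket or from the Suricata project. It assumes an EVE-style newline-delimited JSON alert record in which the packet payload is a base64-encoded `payload` field; the sample records, the index name `suricata-alerts` and the `http://localhost:9200/_bulk` URL are constructed placeholders. It decodes the payload into a printable form for searching in Kibana, tolerates records without a payload and malformed lines, and builds the NDJSON body that the Elasticsearch bulk API expects; the actual HTTP POST is kept in a separate function so the rest runs offline.

```python
import base64
import json
import urllib.request

# Constructed sample of two EVE-style alert records (made up for this example,
# not real Suricata output). The "payload" field carries the packet payload
# base64-encoded; that layout is an assumption about the EVE format, not
# something stated in this ticket.
SAMPLE_EVE_LINES = [
    json.dumps({
        "timestamp": "2014-06-01T12:00:00.000000+0000",
        "event_type": "alert",
        "src_ip": "192.0.2.10", "src_port": 43210,
        "dest_ip": "198.51.100.20", "dest_port": 80, "proto": "TCP",
        "alert": {"signature_id": 1000001, "rev": 1,
                  "signature": "EXAMPLE test rule", "severity": 3},
        "payload": base64.b64encode(
            b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n").decode(),
    }),
    json.dumps({
        "timestamp": "2014-06-01T12:00:01.000000+0000",
        "event_type": "alert",
        "src_ip": "192.0.2.11", "src_port": 43211,
        "dest_ip": "198.51.100.20", "dest_port": 53, "proto": "UDP",
        "alert": {"signature_id": 1000002, "rev": 1,
                  "signature": "EXAMPLE dns rule", "severity": 2},
        # no "payload" field on this record: enrichment must cope with that
    }),
]


def enrich_alert(record):
    """Return a copy of one alert dict with the base64 payload decoded.

    Adds "payload_bytes" (decoded length) and "payload_text" (a lossy,
    printable rendering with non-printable bytes shown as '.'), and keeps
    the original base64 field so nothing is lost. Records without a payload
    are returned unchanged.
    """
    out = dict(record)
    b64 = record.get("payload")
    if b64 is None:
        return out
    raw = base64.b64decode(b64, validate=True)
    out["payload_bytes"] = len(raw)
    out["payload_text"] = "".join(chr(c) if 32 <= c < 127 else "." for c in raw)
    return out


def parse_eve_lines(lines):
    """Parse newline-delimited JSON, keeping only enriched alert events.

    Malformed or empty lines are skipped rather than aborting the batch: one
    bad line in a log stream should not stop ingestion of the rest.
    """
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert":
            alerts.append(enrich_alert(rec))
    return alerts


def to_bulk_body(records, index="suricata-alerts"):
    """Build an Elasticsearch _bulk request body (NDJSON with trailing newline).

    Every document is preceded by an action line naming the target index;
    the index name is a placeholder chosen for this example.
    """
    parts = []
    for rec in records:
        parts.append(json.dumps({"index": {"_index": index}}))
        parts.append(json.dumps(rec, separators=(",", ":")))
    return "\n".join(parts) + "\n" if parts else ""


def post_bulk(body, url="http://localhost:9200/_bulk"):
    """POST a bulk body to Elasticsearch (network call; not run offline).

    The URL is a placeholder; the bulk endpoint requires the NDJSON
    content type.
    """
    req = urllib.request.Request(
        url, data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/x-ndjson"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Print the bulk body that would be POSTed; pass it to post_bulk() to
    # actually index the documents.
    print(to_bulk_body(parse_eve_lines(SAMPLE_EVE_LINES)), end="")
```

Keeping the raw base64 field alongside the decoded `payload_text` means the original bytes stay recoverable for forensics while the printable copy is what analysts search on in Kibana.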

