Feature #2166: output: log only triggering buffers - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #2166

open

output: log only triggering buffers

Added by Eric Leblond over 7 years ago. Updated over 7 years ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

When adding to the alert events the protocol buffer, we provide valuable information but logging all of them will cause a serious increase in event size. So we should only log the triggering buffers.

Jason Ish is proposing the following (https://github.com/inliniac/suricata/pull/2663#issuecomment-293952371)

{
    "timestamp": ...
    "alert": ...
    "buffers": [
        {
            "name": "http_response_body",
            "data": "....",
            "data-printable": "...",
        },
        {
        ....

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #2166

output: log only triggering buffers

Updated by Victor Julien over 7 years ago

Updated by Andreas Herz over 7 years ago