Is there a way to have flowints and flow metadata (like to_server_pkts, to_client_bytes…) in a TLS Eve log? I tried setting
in my suricata.yaml, but logs are as they were without metadata.
I don’t think this is possible right now. The TLS record will have a flow_id that you can use to look up the flow_record, however, the TLS record is likely to be logged during connection setup, but the flow log won’t be logged until the connection is done (or timed out), so it may not be available immediately.
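The flow_id lookup described in the reply above can be done offline over eve.json. This is an added example, not part of the original thread or Suricata's own code; the sample lines are constructed, and the `correlate` function name is an assumption. It buffers each `tls` event until the `flow` event with the same `flow_id` is logged, and reports TLS records whose flow has not ended yet.

```python
import json
from collections import defaultdict

# Constructed sample EVE lines (not real traffic); field names follow Suricata's EVE JSON output.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.100000+0000","flow_id":1001,"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","tls":{"sni":"example.test","version":"TLS 1.2"}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","flow_id":1002,"event_type":"tls","src_ip":"10.0.0.6","dest_ip":"192.0.2.11","tls":{"sni":"pending.test","version":"TLS 1.3"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","flow_id":999,"event_type":"flow","flow":{"pkts_toserver":3,"pkts_toclient":2,"bytes_toserver":180,"bytes_toclient":120,"state":"closed"}}
{"timestamp":"2024-01-01T10:01:05.000000+0000","flow_id":1001,"event_type":"flow","flow":{"pkts_toserver":12,"pkts_toclient":10,"bytes_toserver":1530,"bytes_toclient":8421,"state":"closed"}}
"""

def correlate(lines):
    """Join tls events with the later flow event sharing their flow_id.

    Returns (enriched, pending): enriched tls records carrying a "flow" key,
    and tls records whose flow record has not been logged yet.
    """
    waiting = defaultdict(list)   # flow_id -> tls events seen so far
    enriched = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue              # e.g. a partially written last line of a live file
        fid = ev.get("flow_id")
        if fid is None:
            continue
        if ev.get("event_type") == "tls":
            waiting[fid].append(ev)
        elif ev.get("event_type") == "flow":
            # The flow record arrives at connection end or timeout; attach its counters.
            for tls_ev in waiting.pop(fid, []):
                enriched.append({**tls_ev, "flow": ev.get("flow", {})})
    pending = [ev for evs in waiting.values() for ev in evs]
    return enriched, pending

if __name__ == "__main__":
    done, pending = correlate(SAMPLE_EVE.splitlines())
    for rec in done:
        print(json.dumps(rec))
    print("still waiting for flow record:", [p["flow_id"] for p in pending])
```
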