How to turn off fileinfo type log

I found that when the alert type log appears, it will be accompanied by the fileinfo type log. I feel that the fileinfo log is redundant. How do I turn off the fileinfo type log?


Would this be what you are looking for?
In suricata.yaml, add enabled: no in the files type, in eve-log option

- outputs:
    - eve-log:
          - files:
              enabled: no
              force-magic: no
              # force-hash: [md5,sha256]
1 Like