I found that when the alert type log appears, it will be accompanied by the fileinfo type log. I feel that the fileinfo log is redundant. How do I turn off the fileinfo type log?
Hi,
Would this be what you are looking for?
In suricata.yaml, add enabled: no in the files type, in the eve-log option:
outputs:
  - eve-log:
      types:
        - files:
            enabled: no   # turn off fileinfo events in eve.json
            force-magic: no
            # force-hash: [md5,sha256]