In eve.log we have the "event_type":"alert"
, but I want to know if it’s possible to record the pass event as well, i.e. if a packet hits a rule, write a log like “event_type”:“pass” to eve.log or a separate file, I know there’s a drop.log, maybe a new pass.log?
if not possible for now, what’s the fastest way to modify the source to achieve this?