Hi
Within alert-debug.log, the payload is written as well as the full packet (so the payload is redundant). I am then opening the data within Wireshark; is there a way to disable Suricata from writing the payload?
Many thanks
Within alert-debug you don’t have such configuration options, but you can use the eve output and change the payload settings there.
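
An added example, not part of the original posts: the `alert` section of the eve-log output in suricata.yaml with payload logging turned off and the full packet kept. The file name and the choice to keep `packet` enabled are assumptions made to match the question.

```yaml
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json          # assumed file name
      types:
        - alert:
            payload: no           # do not log the payload as Base64
            payload-printable: no # do not log the payload in printable form
            packet: yes           # keep the full packet (Base64) in each alert record
```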