IT infrastructure and network security, Suricata and such...
Dear all, I have a question. I want to output POST data to the eve.log file, but I didn't find where I can configure the policy. Can you help me? Thx
I am not sure I understand your question?
Example POST request:

POST / HTTP/1.1
Host: www.xx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Connection: Keep-Alive

name=Professional%20Ajax&publisher=Wiley

What I mean is to store the data "name=Professional%20Ajax&publisher=Wiley" in the eve.log file in JSON format.
Again, I am not clearly understanding what your question is. Maybe you could do a quick "grep" and see an example output, or just click on an HTTP record in the Kibana dashboard and see all the fields available and their data.
Oh... no... I can't describe it more clearly. If you have a POST request, the POST data can't be seen in eve.log now (for example "name=Professional%20Ajax&publisher=Wiley", this POST data). My question is what to do so that I can see the POST data in eve.log? If it is again not clear, I want to say "Thank you very much!"
You want to write POST data to eve.log, correct?
Yes, you are correct!!
It is a standard JSON format, so this depends on the script/transport that you would want to use. What kind of script/language are you using: Java/Python/Perl...?
Java or Python is OK.
I think those three would be a good start for Python/JSON and would give you an idea:
https://simplejson.readthedocs.org/en/latest/
https://docs.python.org/2/library/json.html
http://pymotw.com/2/json/
Dear Peter, I know those web sites, but that is not what I mean; I mean getting the POST data through Suricata and saving the POST data to eve.log. Can you understand clearly?
Ok. Then I would suggest asking that question on our OISF mailing list. I am sure you will get a lot more help there from that point of view. https://lists.openinfosecfoundation.org/mailman/listinfo