V0.1.0 Suricata Logger

Modified: - .gitignore: ignoring lua files - suricata.rules: added a rule to log every packet - suricata.yaml: specified alerts to dump whole packet bytes
2025-06-05 10:27:29 +02:00 · 2025-06-05 10:27:29 +02:00 · b02370a69a
commit b02370a69a
parent c3bc1d993e
3 changed files with 19 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -20,3 +20,9 @@ _tmp/

 # tsconfig for bun
 /tsconfig.json
+
+# Lua
+lua_modules/
+.luarocks/
+lua
+core
--- a/suricata/suricata.rules
+++ b/suricata/suricata.rules
@ -1 +1,2 @@
 alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:2100498; rev:7; metadata:created_at 2010_09_23, updated_at 2010_09_23;)
+alert ip any any -> any any (msg:"General Logging"; sid:12;)
--- a/suricata/suricata.yaml
+++ b/suricata/suricata.yaml
@ -153,13 +153,13 @@ outputs:

      types:
        - alert:
-            # payload: yes             # enable dumping payload in Base64
-            # payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
-            # payload-printable: yes   # enable dumping payload in printable (lossy) format
-            # packet: yes              # enable dumping of packet (without stream segments)
-            # metadata: no             # enable inclusion of app layer metadata with alert. Default yes
-            # http-body: yes           # Requires metadata; enable dumping of HTTP body in Base64
-            # http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format
+            payload: yes             # enable dumping payload in Base64
+            payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
+            payload-printable: yes   # enable dumping payload in printable (lossy) format
+            packet: yes              # enable dumping of packet (without stream segments)
+            metadata: no             # enable inclusion of app layer metadata with alert. Default yes
+            http-body: yes           # Requires metadata; enable dumping of HTTP body in Base64
+            http-body-printable: yes # Requires metadata; enable dumping of HTTP body in printable format

            # Enable the logging of tagged packets for rules using the
            # "tag" keyword.