smtp: turn on smtp mime decoding and enable smtp eve logging.

author Tom DeCanio <decanio.tom@gmail.com>

Thu, 21 Aug 2014 19:34:06 +0000 (12:34 -0700)

committer Victor Julien <victor@inliniac.net>

Thu, 30 Oct 2014 12:33:53 +0000 (13:33 +0100)
author Tom DeCanio <decanio.tom@gmail.com>
Thu, 21 Aug 2014 19:34:06 +0000 (12:34 -0700)
committer Victor Julien <victor@inliniac.net>
Thu, 30 Oct 2014 12:33:53 +0000 (13:33 +0100)
diff --git a/suricata.yaml.in b/suricata.yaml.in

index f1da99ba07080de489185c5b85ea9d7977d689db..12230ff14dd7bd1a632457ebcdccc7d4532df292 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -110,6 +110,7 @@ outputs:
              force-magic: no   # force logging magic on all logged files
              force-md5: no     # force logging of md5 checksums
          #- drop
+        - smtp
          - ssh
          # bi-directional flows
          #- flow
@@ -1299,7 +1300,7 @@ smtp-mime:
  
    # Decode MIME messages from SMTP transactions (may be resource intensive)
    # This field supercedes all others because it turns the entire process on or off
-  decode-mime: no
+  decode-mime: yes
  
    # Decode MIME entity bodies (ie. base64, quoted-printable, etc.)
    decode-base64: yes
author	Tom DeCanio <decanio.tom@gmail.com>
	Thu, 21 Aug 2014 19:34:06 +0000 (12:34 -0700)
committer	Victor Julien <victor@inliniac.net>
	Thu, 30 Oct 2014 12:33:53 +0000 (13:33 +0100)