"
As an ugly hack, you can :
* Enable the payload in eve-log (see above).
* Edit and add : /usr/local/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogAlert.xml
* Edit : /usr/local/opnsense/mvc/app/views/OPNsense/IDS/index.volt (to add the payload entry)
* Edit : /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml and /usr/local/etc/suricata/suricata.yaml
Nota :
Guillaume.
Edit : Sorry for the double reply.
* Enable the payload in eve-log (see above).
* Edit and add : /usr/local/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogAlert.xml
Code Select
<field>
<id>payload_printable</id>
<label>Payload</label>
<type>info</type>
</field> * Edit : /usr/local/opnsense/mvc/app/views/OPNsense/IDS/index.volt (to add the payload entry)
Code Select
<th data-column-id="dest_ip" data-type="string" data-sortable="false" data-width="10em">Modèle:Lang. ('Destination')</th>
<th data-column-id="payload_printable" data-type="string" data-sortable="false" data-width="10em">Modèle:Lang. ('Payload')</th>
<th data-column-id="alert" data-type="string" data-sortable="false" >Modèle:Lang. ('Alert')</th>* Edit : /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml and /usr/local/etc/suricata/suricata.yaml
Code Select
filename: eve.json
types:
- alert:
payload: yes
payload-buffer-size: 100kb
payload-printable: yes
packet: yesNota :
- As I didn't really take a look to OPNsense code, I'm not sure that's the good way to make that but It works in my case.
- As I said, this is an ugly hack, there is no integration with the UI to enable/disable this functionality. Moreover, an OPNsense update can remove all of these modifications.
Guillaume.
Edit : Sorry for the double reply.
