jmtaylor90/gist:98908f1404f1c247b325600308bc395b

## gistfile1.txt
  # Extensible Event Format (nicknamed EVE) event log in JSON format
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: alert.json
      pcap-file: true
      community-id: true
      community-id-seed: 0
      types:
        - alert:
            payload: yes             # enable dumping payload in Base64
            payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
            payload-printable: yes   # enable dumping payload in printable (lossy) format
            packet: yes              # enable dumping of packet (without stream segments)
            metadata: yes             # enable inclusion of app layer metadata with alert. Default yes
            http-body: yes           # Requires metadata; enable dumping of http body in Base64
            http-body-printable: yes # Requires metadata; enable dumping of http body in printable format

            # Enable the logging of tagged packets for rules using the
            # "tag" keyword.
            tagged-packets: yes

  - eve-log:
      enabled: no
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: anomaly.json
      pcap-file: true
      community-id: true
      community-id-seed: 0
      types:
        - anomaly:
            enabled: yes
            types:
              decode: no
              stream: no
              applayer: yes
            #packethdr: no
	# Extensible Event Format (nicknamed EVE) event log in JSON format
	- eve-log:
	enabled: yes
	filetype: regular #regular\|syslog\|unix_dgram\|unix_stream\|redis
	filename: alert.json
	pcap-file: true
	community-id: true
	community-id-seed: 0
	types:
	- alert:
	payload: yes # enable dumping payload in Base64
	payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
	payload-printable: yes # enable dumping payload in printable (lossy) format
	packet: yes # enable dumping of packet (without stream segments)
	metadata: yes # enable inclusion of app layer metadata with alert. Default yes
	http-body: yes # Requires metadata; enable dumping of http body in Base64
	http-body-printable: yes # Requires metadata; enable dumping of http body in printable format

	# Enable the logging of tagged packets for rules using the
	# "tag" keyword.
	tagged-packets: yes

	- eve-log:
	enabled: no
	filetype: regular #regular\|syslog\|unix_dgram\|unix_stream\|redis
	filename: anomaly.json
	pcap-file: true
	community-id: true
	community-id-seed: 0
	types:
	- anomaly:
	enabled: yes
	types:
	decode: no
	stream: no
	applayer: yes
	#packethdr: no