Forum Discussion
Kevin_Stewart
Jul 04, 2014Employee
First, just add a log local0. [TCP::payload] statement in your CLIENT_DATA event. I'm also guessing from this output that the collected data isn't text, and more important, there's more than one TCP session. Before going any further, add that additional log statement and see what the payload actually looks like.