<div dir="ltr">So I see there are a bunch of preset logs like one for tcp pcap and one for the alerts, fast.log, and one for http custom logging. <div><br></div><div style>One of the things I want to see is a log of DNS and ARP requests and responses, and I'm wondering if this is currently possible or should I just examine the tcp.pcap logs instead.</div>
<div style><br></div><div style>But then I started thinking that different users will only care about different things, so maybe it would be more modular to allow a way for Suricata.yaml to let users specify the number of logs they want Suricata to produce, each with a custom format of data they care about? Is this possible with Suricata or will this need to be a feature request? Also, does it make sense to add this kind of feature?</div>
<div><div><br></div><div style>Vince</div></div></div>