[Oisf-users] A few questions about logging.
Victor Julien
lists at inliniac.net
Fri Jul 18 13:04:05 UTC 2014
On 07/16/2014 06:59 PM, Cooper F. Nelson wrote:
> Does suricata honor pass rules when exporting JSON and pcap logs?

Pass rules only affect detection, not event logging (like HTTP events)
or pcap recording.

> Can suricata write to a named pipe instead of a file? I.e., can I
> specify a FIFO for the pcap.log file and then monitor it with
> another program?

For most outputs we support unix sockets, but not for pcap logging.

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------