[Oisf-devel] PCAP log VLAN splitting
LUIS MANUEL SILVA CASTILLO
luismsilvacastillo at gmail.com
Thu May 10 00:02:28 UTC 2018
Hi,
My client wishes to use Suricata as a packet capture solution. However, there
is an additional request to store packets from VLANs in their respective
PCAP files. For instance, VLAN 1 -> PCAP_Log_TS_TN_VLAN_1, the same for VLAN 2, and
so on and so forth. The solution is also to be run on a high-speed network and
needs to be able to cope with a link of up to 10Gbps. So far I have tried to use
Lua scripts both at logging and engine, but I am unable to achieve 10G. I can get
capture and splitting, but writing does not perform as required. My next
step would be to try to modify the Suricata code to achieve the requested feature,
but I want to ask first if there is any previous work or if someone else has
done something similar so I can get started.
Thank you very much in advance; I look forward to your comments.
Manuel