[Oisf-users] Limiting packet logging to alerting packets only

Darren Spruell phatbuckett at gmail.com
Fri Jun 17 00:02:45 UTC 2011

Previous message (by thread): [Oisf-users] Consequences of PF_RING enable_tx_capture=0?
Next message (by thread): [Oisf-users] Limiting packet logging to alerting packets only
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Curious if there's a way to get a pcap log for only packets triggering
rule hits. My read of the 'pcap-log' option is that it logs _all_
packets (except for those cases excluded per docs), but just the
interesting traffic would be ideal at times.

Suricata version 1.1beta2

-- 
Darren Spruell
phatbuckett at gmail.com

Previous message (by thread): [Oisf-users] Consequences of PF_RING enable_tx_capture=0?
Next message (by thread): [Oisf-users] Limiting packet logging to alerting packets only
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Oisf-users mailing list