[Oisf-users] Limiting packet logging to alerting packets only
Victor Julien
victor at inliniac.net
Tue Jun 21 08:44:43 UTC 2011
On 06/17/2011 02:02 AM, Darren Spruell wrote:
> Hi,
>
> Curious if there's a way to get a pcap log for only packets triggering
> rule hits. My read of the 'pcap-log' option is that it logs _all_
> packets (except for those cases excluded per docs), but just the
> interesting traffic would be ideal at times.
>
> Suricata version 1.1beta2
>
No, there is no way to do this. My advice would be to look at unified2
to barnyard2 with log_tcpdump output enabled.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
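A configuration for the unified2-to-barnyard2 pipeline Victor suggests, added here as an example that is not part of the original thread. The directive names are the Suricata 1.1 and barnyard2 options in question; the file paths, size limit and waldo file name are assumptions.

```conf
# --- suricata.yaml (outputs section): write each alert plus its triggering
#     packet as unified2 records instead of logging every packet via pcap-log
outputs:
  - unified2-alert:
      enabled: yes
      filename: unified2.alert   # written under default-log-dir, assumed /var/log/suricata
      limit: 32mb                # rotate the spool file at this size (assumed value)

# --- barnyard2.conf: read the unified2 spool and emit only those packets as pcap
#     (lookup files barnyard2 needs to resolve sids and class names; paths assumed)
config reference_file:      /etc/suricata/reference.config
config classification_file: /etc/suricata/classification.config
config gen_file:            /etc/suricata/rules/gen-msg.map
config sid_file:            /etc/suricata/rules/sid-msg.map

input unified2

# pcap file containing just the packets that raised alerts (barnyard2 appends a timestamp to the name)
output log_tcpdump: /var/log/barnyard2/alerts.pcap
# optional: one-line text alert alongside, to correlate a sid with a packet
output alert_fast: /var/log/barnyard2/alerts.fast

# --- run barnyard2 as a continuous spool reader
#     -d spool directory, -f spool file prefix, -w bookmark (waldo) file so restarts resume where they left off
#   barnyard2 -c /etc/barnyard2.conf -d /var/log/suricata -f unified2.alert -w /var/log/barnyard2/barnyard2.waldo
```

Because log_tcpdump only sees the packets carried inside unified2 records, the resulting pcap holds the packet that raised each alert rather than the surrounding flow.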