[Oisf-users] Packet capture dump in unified2 logs.

Nikolay Denev ndenev at gmail.com
Wed Feb 15 05:42:42 UTC 2012


I'm wondering how Suricata decides which packet to capture and dump in the unified2 log file and which not to.

I'm running Snorby to collect the alerts, and I've noticed that sometimes for a single rule, some of the alerts have the packet dump present and some not.
