[Oisf-users] Packet capture dump in unified2 logs.
Victor Julien
victor at inliniac.net
Wed Feb 15 08:07:52 UTC 2012
On 02/15/2012 06:42 AM, Nikolay Denev wrote:
> Hi,
>
> I'm wondering how suricata decides which packet to capture and dump in the unified2 log file and which not to.
>
> I'm running Snorby to collect the alerts, and I've noticed that sometimes for a single rule, some of the alerts have
> the packet dump present and some not.
That is odd. There should always be a packet. Is this happening with
specific rules and / or traffic?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list