[Oisf-users] Packet capture dump in unified2 logs.

Victor Julien victor at inliniac.net
Wed Feb 15 08:07:52 UTC 2012


On 02/15/2012 06:42 AM, Nikolay Denev wrote:
> Hi,
> 
> I'm wondering how suricata decides which packet to capture and dump in the unified2 log file and which not to.
> 
> I'm running Snorby to collect the alerts, and I've noticed that sometimes for a single rule, some of the alerts have
> the packet dump present and some not.

That is odd. There should always be a packet. Is this happening with
specific rules and / or traffic?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
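Victor's question is whether the alerts without a packet dump cluster on particular rules or traffic. One way to check that from the unified2 file itself, as an added example (not code from this post and not Suricata's own code): the script below walks the file record by record and lists every alert event that no packet record references, correlating on the (sensor_id, event_id, event_second) prefix that event and packet records share. The record type numbers are taken from Snort's unified2 definitions, the sample log bytes are constructed inline, and the script says nothing about how Suricata decides what to write; it only shows which alerts ended up without a packet.

```python
"""List alert events in a unified2 file that have no matching packet record.

Added example, not from the mailing-list post or from Suricata. Record type
numbers follow Snort's Unified2_common.h; record bodies are parsed only as far
as the (sensor_id, event_id, event_second) prefix that event and packet records
share, so every event-record variant (IPv4/IPv6, MPLS, VLAN) is handled alike.
"""
import struct

# Record types from Snort's Unified2_common.h
UNIFIED2_PACKET = 2
EVENT_TYPES = {7, 72, 99, 100, 104, 105}   # IDS event records: v4, v6, MPLS and VLAN variants

RECORD_HDR = struct.Struct("!II")       # record type, record length (big-endian)
COMMON_PREFIX = struct.Struct("!III")   # sensor_id, event_id, event_second


def iter_records(data: bytes):
    """Yield (record_type, body) for each complete record in the byte stream.

    A truncated record at the end (the file is still being written by the
    sensor) ends iteration instead of raising.
    """
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rec_type, length = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + length > len(data):
            break                       # partial record: stop here, do not guess
        yield rec_type, data[off:off + length]
        off += length


def events_without_packets(data: bytes):
    """Return sorted (sensor_id, event_id, event_second) keys of event records
    for which no packet record with the same key exists."""
    events, packets = set(), set()
    for rec_type, body in iter_records(data):
        if len(body) < COMMON_PREFIX.size:
            continue                    # malformed record, too short to correlate
        key = COMMON_PREFIX.unpack_from(body, 0)
        if rec_type in EVENT_TYPES:
            events.add(key)
        elif rec_type == UNIFIED2_PACKET:
            packets.add(key)
    return sorted(events - packets)


# --- constructed sample records (hypothetical values, not captured data) ---

def _event_record(sensor_id, event_id, second, sid):
    """Build a 52-byte type-7 (IPv4 IDS event) record."""
    body = struct.pack("!IIIIIIIIIIIHHBBBB",
                       sensor_id, event_id, second, 0,   # sensor, event id, sec, usec
                       sid, 1, 1, 0, 3,                  # sid, gid, rev, class, priority
                       0x0A000001, 0x0A000002,           # 10.0.0.1 -> 10.0.0.2 (constructed)
                       12345, 80, 6, 0, 0, 0)            # sport, dport, proto=TCP, flags
    return RECORD_HDR.pack(7, len(body)) + body


def _packet_record(sensor_id, event_id, second, payload):
    """Build a type-2 packet record: common prefix, capture time, linktype, length, data."""
    body = struct.pack("!IIIIIII", sensor_id, event_id, second,
                       second, 0, 1, len(payload)) + payload
    return RECORD_HDR.pack(UNIFIED2_PACKET, len(body)) + body


# Three alerts from the same sensor; the middle one fires the same rule (sid
# 2000001) as the first but is not followed by a packet record.
SAMPLE_LOG = (
    _event_record(1, 100, 1329290000, 2000001)
    + _packet_record(1, 100, 1329290000, b"\x45\x00" * 10)
    + _event_record(1, 101, 1329290005, 2000001)
    + _event_record(1, 102, 1329290010, 2000002)
    + _packet_record(1, 102, 1329290010, b"\x45\x00" * 10)
)

if __name__ == "__main__":
    for sensor, event_id, second in events_without_packets(SAMPLE_LOG):
        print(f"sensor {sensor} event {event_id} at {second}: no packet record")
```

To run it against a real file, replace `SAMPLE_LOG` with the contents of a `unified2.alert.*` file; grouping the reported keys by signature_id (the fifth field of the event body) would answer the "specific rules" part of the question directly.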
