[Oisf-users] Packet capture dump in unified2 logs.
Nikolay Denev
ndenev at gmail.com
Wed Feb 15 13:29:54 UTC 2012
On Feb 15, 2012, at 1:52 PM, Peter Manev wrote:
>
> Just from observation -
> "PACKET LEN: 68" in debug alert
> but in Snorby it says "40" - so it does seem there is a bit of discrepancy...
> If you use pcap.log(ing) in yaml, does this packet indeed have 68 or 40 length?
>
> --
> Peter Manev
I've just turned on pcap-log in suricata.yaml.