[Oisf-users] Suricata 1.4, ability to specify a new custom log or see a log of DNS and ARP requests?
vincent.y.fang at gmail.com
Mon Feb 25 19:49:52 UTC 2013
So I see there are a bunch of preset logs like one for tcp pcap and one for
the alerts, fast.log, and one for http custom logging.

One of the things I want to see is a log of DNS and ARP requests and
responses, and I'm wondering if this is currently possible or should I just
examine the tcp.pcap logs instead.

But then I started thinking that different users will only care about
different things so maybe it would be more modular to allow a way for
Suricata.yaml to let users specify the number of logs they want Suricata to
produce each with a custom format of data they care about? Is this possible
with Suricata or will this need to be a feature request? Also does it make
sense to add this kind of feature?