[Oisf-users] Running suricata as a pcap collector

Victor Julien lists at inliniac.net
Tue Jan 28 14:15:13 UTC 2014

On 01/28/2014 03:12 PM, C. L. Martinez wrote:
>  Is it possible to run suricata as a pcap collector like daemonlogger
> or netsniff-ng does?? Running without rules and applying some bpf
> filters ...

Yes, just enable the pcap-log module in your yaml. The current
implementation is not very efficient though.

In the git master there is a new command line option --disable-detection
which disables the detection engine completely, making it more efficient
than just running w/o rules.

Also, some profiling code for pcap logging is in progress here:

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list