[Oisf-users] Running suricata as a pcap collector
Victor Julien
lists at inliniac.net
Tue Jan 28 14:15:13 UTC 2014
On 01/28/2014 03:12 PM, C. L. Martinez wrote:
> Is it possible to run suricata as a pcap collector like daemonlogger
> or netsniff-ng does? Running without rules and applying some bpf
> filters ...
Yes, just enable the pcap-log module in your yaml. The current
implementation is not very efficient though.
In the git master there is a new command line option --disable-detection
which disables the detection engine completely, making it more efficient
than just running w/o rules.
Also, some profiling code for pcap logging is in progress here:
https://github.com/inliniac/suricata/pull/749
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
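As an added example (not part of the thread, nor Suricata's shipped default config), a suricata.yaml fragment for the set-up described in the reply: the pcap-log output enabled as a ring buffer, a BPF filter applied at the capture interface, and the detection engine disabled on the command line. Key names, the interface name and the filter expression are assumptions here; check them against the suricata.yaml of the version you run.

```yaml
# Assumed suricata.yaml fragment: Suricata as a rule-less pcap collector.
# Start it with detection switched off (git master option from the reply):
#   suricata -c /etc/suricata/suricata.yaml --disable-detection -i eth0

outputs:
  - pcap-log:
      enabled: yes
      filename: log.pcap          # written under default-log-dir
      limit: 1000mb               # rotate when a file reaches this size
      max-files: 2000             # ring buffer: oldest file is dropped after this many
      mode: normal                # plain pcap files (not sguil layout)
      use-stream-depth: no        # keep logging packets past stream inspection depth

# Capture interface with the BPF filter applied before logging.
# Only traffic matching the filter reaches pcap-log.
pcap:
  - interface: eth0               # assumed interface name
    bpf-filter: "not port 22 and not host 192.0.2.10"   # assumed example filter
```

With no rules loaded and detection disabled, disk throughput for pcap-log becomes the main constraint, so size `limit` and `max-files` to the retention you actually need.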