[Oisf-users] Running suricata as a pcap collector

C. L. Martinez carlopmart at gmail.com
Tue Jan 28 14:17:53 UTC 2014


On Tue, Jan 28, 2014 at 2:15 PM, Victor Julien <lists at inliniac.net> wrote:
> On 01/28/2014 03:12 PM, C. L. Martinez wrote:
>> Is it possible to run suricata as a pcap collector like daemonlogger
>> or netsniff-ng does? Running without rules and applying some bpf
>> filters ...
>
> Yes, just enable the pcap-log module in your yaml. The current
> implementation is not very efficient though.
>
> In the git master there is a new command line option --disable-detection
> which disables the detection engine completely, making it more efficient
> than just running w/o rules.
>
> Also, some profiling code for pcap logging is in progress here:
> https://github.com/inliniac/suricata/pull/749
>
> --

Thanks Victor. Is this feature present in 2.0beta2? Or only by
downloading the git code?
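For readers landing on this thread from a search, here is what the pcap-log setup Victor refers to looks like in practice. This is an added example and not configuration from the thread or from the Suricata project itself; the file name, size limit and file count are assumed placeholder values you would adjust for your sensor.

```yaml
# Added example (not from the thread): the pcap-log output section of
# suricata.yaml, enabled so Suricata acts as a packet collector.
# Values for filename, limit and max-files are assumptions for illustration.
outputs:
  - pcap-log:
      enabled: yes
      filename: log.pcap        # base name; Suricata appends a timestamp per file
      limit: 1000mb             # rotate to a new file once this size is reached
      max-files: 2000           # ring buffer: oldest files are removed past this count
      mode: normal              # "normal" writes flat files; "sguil" uses sguil-base-dir
```

With that section enabled, a BPF filter can be passed as the trailing argument on the command line (for example `suricata -c suricata.yaml -i eth0 'not port 22'`), which is the "applying some bpf filters" part of the original question. As Victor notes above, `--disable-detection` exists only in git master at the time of this thread, so with a release build the detection engine still runs even with no rules loaded; the filter at least keeps unwanted traffic out of the pcap files, and disk usage is bounded by `limit` times `max-files`, which is worth checking against the volume you actually have before leaving a collector unattended.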
