[Oisf-users] A few questions about logging.

Victor Julien lists at inliniac.net
Fri Jul 18 13:04:05 UTC 2014

On 07/16/2014 06:59 PM, Cooper F. Nelson wrote:
> Does suricata honor pass rules when exporting JSON and pcap logs?

Pass rules only affect detection, not event logging (like HTTP events)
or pcap recording.

> Can suricata write to a named pipe instead of a file?  I.e., can I 
> specify a FIFO for the pcap.log file and then monitor it with
> another program?

For most outputs we support unix sockets, but not for pcap logging.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
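
Added example (not part of the original message and not Suricata project code): a small consumer for a JSON event output delivered over a unix stream socket, which is the supported way to feed another program per the reply above. It assumes one JSON object per line and that the consumer creates the listening socket before the sensor connects; the socket path and the fields printed (event_type, timestamp, src_ip, http.hostname) are assumptions.

```python
import json
import os
import socket

SOCK_PATH = "/tmp/suricata-eve.sock"  # assumed path; must match the output's configured target


def iter_events(conn, bufsize=4096):
    """Yield one dict per newline-terminated JSON record read from conn.

    A single recv() can end in the middle of a record, so bytes are
    buffered until a newline arrives. Unparseable lines are skipped.
    """
    buf = b""
    while True:
        chunk = conn.recv(bufsize)
        if not chunk:  # sender closed the connection
            break
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            if not line.strip():
                continue
            try:
                yield json.loads(line)
            except ValueError:  # bad JSON or bad UTF-8
                continue


def serve(path=SOCK_PATH):
    """Listen on the socket and print HTTP events as they arrive."""
    if os.path.exists(path):
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket is created 0600: owner only
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    try:
        conn, _ = srv.accept()
        with conn:
            for ev in iter_events(conn):
                if ev.get("event_type") == "http":
                    host = ev.get("http", {}).get("hostname")
                    print(ev.get("timestamp"), ev.get("src_ip"), host)
    finally:
        srv.close()
        os.unlink(path)


if __name__ == "__main__":
    serve()
```

The 0600 mode only admits a sender running as the same user; loosen it deliberately (for example via a shared group) if the sensor runs under a different account.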
