[Oisf-users] Options for Alerts

Gofran, Paul paul.gofran at lmco.com
Thu Jun 5 13:52:25 UTC 2014


Is there a way to write a PCAP to disk when an alert is logged (for the packet that triggered the alert or even for the whole flow)? This would be beneficial to provide more context for the alert if full packet capture is not an option.

Is anyone trying to do something like this?

Thanks,
Paul


