[Oisf-users] Getting session data

Cooper F. Nelson cnelson at ucsd.edu
Wed Nov 19 13:55:37 UTC 2014



Is this what you want?

> Packet log (pcap-log)
> With the pcap-log option you can save all packets, that are registered by Suricata, in a log file named log.pcap. This way, you can take a look at all packets whenever you want.
> In the normal mode a pcap file is created in the default-log-dir. It can also be created elsewhere if an absolute path is set in the yaml-file.
> 
> The file that is saved, for example in the default-log-dir /var/log/suricata, can be opened with every program which supports the pcap file format. This can be Wireshark, TCPdump, Suricata, Snort and many others.
> 
> The pcap-log option can be enabled and disabled.
> 
> There is a size limit for the pcap-log file that can be set. The default limit is 32 MB. If the log-file reaches this limit, the file will be rotated and a new one will be created.

From: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml



On 11/19/2014 3:19 AM, Charles DeVoe wrote:
> When we started this project it was decided that we need the session
> data along with the alert.  Back then we found that the only way we
> could get this was by using the debug output (although there may have
> been another way).  I attempted to install Suricata with prelude support
> and that failed during the ./configure process.
> 
> So to get to the point.  What methods are available for getting session
> data and which is the best?
> 
> "Thank you for your Support"
> Bartyles and James
> 
> 


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
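As an added example (not from this thread or from the Suricata project), the following Python shows one way to pair session data with an alert as the original question asks: it reads a pcap-log file such as log.pcap and keeps only the TCP packets, in both directions, whose addresses and ports match the alert. The pcap builder exists only to construct sample input; the flow values and packet contents are constructed, not taken from any real capture.

```python
import struct
import ipaddress

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1

def tcp_packet(src, dst, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip + tcp

def pcap_bytes(frames):
    """Wrap frames in a classic libpcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1416400000 + i, 0, len(frame), len(frame)) + frame
    return out

def flow_key(frame):
    """Return (src, sport, dst, dport) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes, options included
    if len(frame) < 14 + ihl + 4:
        return None
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (src, sport, dst, dport)

def session_packets(pcap, src, sport, dst, dport):
    """Yield (timestamp, frame) for TCP packets whose flow matches the alert's
    addresses and ports in either direction (the whole session, not just the trigger)."""
    if pcap[:4] == struct.pack("<I", PCAP_MAGIC):
        end = "<"  # written on a little-endian host, the usual case
    elif pcap[:4] == struct.pack(">I", PCAP_MAGIC):
        end = ">"
    else:
        raise ValueError("not a classic microsecond libpcap file")
    wanted = {(src, sport, dst, dport), (dst, dport, src, sport)}
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if flow_key(frame) in wanted:
            yield ts_sec + ts_usec / 1e6, frame
```

On a real log.pcap, pass the alert's source/destination addresses and ports from fast.log or the JSON output to session_packets and write the matching frames back out with pcap_bytes for Wireshark.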


