[Oisf-users] Suricata's ability to capture the packet?

Saxena, Samiksha samiksha.saxena at verizon.com
Wed Sep 9 19:17:35 UTC 2015


We’re working on a project to bring in Suricata as the IDS/IPS instead of Snort.
One question I have is: I was told that Snort has the ability to capture the packet and write it into the log file if it matches one of the existing signatures.
For example, when there is a packet that matches our rule, an alert event will be generated, followed by the hex-encoded packet capture. Then somebody can decode it and see a snippet in pcap/ASCII output or something.

I’m pretty new to IDS/IPS systems, and not sure how exactly Snort does this (maybe the ‘log’ action in the rule?). I’m wondering whether there is any similar functionality that Suricata provides?
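Added example (not part of the original post, and not Suricata project code): Suricata's EVE JSON alert output can carry the matching packet when `packet: yes` (and optionally `payload: yes`) is set under the `alert` output in suricata.yaml; the packet arrives base64-encoded in a `packet` field with a `packet_info.linktype` next to it, rather than as the hex dump the poster describes for Snort. The script below parses such an alert line, decodes the packet, prints a hex/ASCII dump, and wraps it in a one-record pcap file that Wireshark or tcpdump can open. The EVE line and the Ethernet/IPv4/TCP frame inside it are constructed here for the demonstration; the signature id and addresses are made up.

```python
"""Decode the base64 `packet` field from a Suricata EVE alert line into a
hex/ASCII dump and a pcap file. The sample alert below is constructed; it is
shaped like an EVE alert record, not copied from a real sensor."""
import base64
import json
import struct
from datetime import datetime


def _ipv4_checksum(header: bytes) -> int:
    # One's-complement sum over 16-bit words, as RFC 791 specifies.
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) + header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


SAMPLE_PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def build_sample_packet(payload: bytes = SAMPLE_PAYLOAD) -> bytes:
    """Constructed Ethernet + IPv4 + TCP frame standing in for what the sensor saw."""
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"  # ethertype IPv4
    ip_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    # TCP: sport 40000 -> dport 80, data offset 5, flags PSH|ACK; checksum left 0.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


# Constructed EVE alert record (field names follow Suricata's eve-log alert output).
SAMPLE_EVE_LINE = json.dumps({
    "timestamp": "2015-09-09T19:17:35.000000+0000",
    "event_type": "alert",
    "src_ip": "10.0.0.5", "src_port": 40000,
    "dest_ip": "10.0.0.80", "dest_port": 80, "proto": "TCP",
    "alert": {"signature_id": 1000001, "rev": 1,
              "signature": "LOCAL hypothetical HTTP GET test rule"},
    "payload": base64.b64encode(SAMPLE_PAYLOAD).decode(),
    "packet": base64.b64encode(build_sample_packet()).decode(),
    "packet_info": {"linktype": 1},
})


def decode_alert_packet(line: str):
    """Return (epoch_ts, linktype, raw_packet) for an EVE alert carrying a packet,
    or None for any other event (flow, dns, alerts logged without `packet: yes`)."""
    ev = json.loads(line)
    if ev.get("event_type") != "alert" or "packet" not in ev:
        return None
    ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()
    linktype = ev.get("packet_info", {}).get("linktype", 1)  # 1 = Ethernet
    return ts, linktype, base64.b64decode(ev["packet"])


def hexdump(data: bytes, width: int = 16) -> str:
    """Classic offset / hex / printable-ASCII dump of the decoded bytes."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  |{asc}|")
    return "\n".join(lines)


def pcap_bytes(records, linktype: int = 1) -> bytes:
    """Serialise (epoch_ts, packet) pairs as a little-endian libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, pkt in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out


if __name__ == "__main__":
    ts, lt, pkt = decode_alert_packet(SAMPLE_EVE_LINE)
    print(hexdump(pkt))
    with open("alert.pcap", "wb") as f:  # open with wireshark/tcpdump -r
        f.write(pcap_bytes([(ts, pkt)], lt))
```

Feeding it a real eve.json works line by line in the same way; events other than alerts, and alerts written before `packet: yes` was enabled, are skipped rather than crashing the decoder. For longer captures around an alert, Suricata's pcap-log output is the fitting tool, but the per-alert `packet` field is the closest equivalent to the Snort behaviour the question describes.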


