[Oisf-users] Save packets after alert: tag keyword or something else?
Jason Ish
lists at unx.ca
Mon Aug 22 18:17:36 UTC 2016
On Mon, Aug 22, 2016 at 6:49 AM, oleg gv <oagvozd at gmail.com> wrote:
> Hello
> Snort can tag traffic after an alert and then log some packets after the alert
> to analyze afterwards.
>
> Does this possibility exist in Suricata? I can't find it. Maybe a patch
> exists?
Suricata does support the "tag" keyword; however, it has been broken in
the current releases.
The next release will fix it for unified2 logging, and we are looking
at options for eve logging, but no timeline on that yet.
Jason
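For reference, this is what the keyword looks like in a rule. It is an added example, not something posted in this thread or shipped by the Suricata project; the rule text, msg strings and sid values are made up for illustration. The syntax follows the documented form tag:<type>,<count>,<metric>[,<direction>], with type session or host, metric packets, bytes or seconds, and direction src or dst (host type only). As the reply above says, in the releases current at the time of this thread the tagged packets were not actually being logged, so the rules match but the follow-on packets may not show up until the fixed release.

```suricata
# Added example (not from the thread); rule text, msg and sid values are hypothetical.

# Session tag: after this rule fires, keep logging packets of the same TCP
# session for a further 30 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"EXAMPLE tag session after alert"; flow:established,to_server; tag:session,30,seconds; sid:1000001; rev:1;)

# Host tag: after this rule fires, log the next 100 packets sent by the
# source host, regardless of which session they belong to.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE tag source host after alert"; flags:S; tag:host,100,packets,src; sid:1000002; rev:1;)
```

The same tag option string is accepted by Snort, so rules written this way can be carried between the two engines; what differs is where the tagged packets end up (unified2 packet records in the fix mentioned above, eve output still to be decided).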