[Oisf-users] suricata IPS and drop.log
Andreas Herz
andi at geekosphere.org
Mon Dec 19 21:20:42 UTC 2016
On 19/12/16 at 09:55, Vieri wrote:
> I'm not sure how to do this.
> I tried the following:
>
> # /usr/bin/suricata --pidfile /var/run/suricata/suricata.pid -vvv -i
> enp0s13 --simulate-ips --pcap=enp0s13 -c /etc/suricata/suricata.yaml
You want:
/usr/bin/suricata --pidfile /var/run/suricata/suricata.pid -vv --simulate-ips -r dump.pcap -c /etc/suricata/suricata.yaml
But you need to reproduce that so you can dump it in a .pcap file (use
tcpdump for example).
--
Andreas Herz