[Oisf-users] change destination of pcap files
erik clark
philosnef at gmail.com
Tue Feb 21 13:35:47 UTC 2017
As an aside, if I set pcap-log to enabled: yes, I get zero alerts in
eve.json, and no pcap files. Moreover, stats in eve.json indicate that suri
apparently is not capturing traffic anymore either... What am I doing
wrong? :D
On Tue, Feb 21, 2017 at 8:11 AM, erik clark <philosnef at gmail.com> wrote:
> I am trying to change the location of the pcap files being generated on
> alert to
>
> /opt/suricata/var/pcap
>
> Also, I can't seem to capture this anyway. I have
>
> - eve-log:
>     types:
>       - alert:
>           packet: yes
>
> but I see nowhere that the files are being captured. Please advise what I
> did wrong. Thanks!
>
>