Is there a way with Suricata to start a full pcap on an interface for the entire interface or specific IP based on an alert from the IDS? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170629/44658e01/attachment.html>