[Oisf-users] Log packets BEFORE a triggered packet.

Jason Williams jwilliams at emergingthreats.net
Wed Mar 1 16:16:08 UTC 2017


I believe constant full packet capture w/ suri or something such as moloch
may be the answer for this.

I've deployed suri and moloch in tandem for this purpose, until
precognition makes its way to the suricata stack. :)

Jason

On Wed, Mar 1, 2017 at 4:41 AM, oleg gv <oagvozd at gmail.com> wrote:

> Hello!
>
> How can I log packets BEFORE the packet that triggered a rule? The "Tag"
> rule option can log packets AFTER the activation packet, but I need to log
> BEFORE it.
>
> Maybe there is a patch for it?
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
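As an added example, not part of this thread and not Suricata's or Moloch's own code: once a full-packet-capture ring buffer exists (for instance from Suricata's `pcap-log` output or from Moloch, as Jason suggests), the "packets before the trigger" question becomes a carving problem. The script below reads a classic libpcap file, takes the timestamp from an EVE JSON alert line, and returns the packets captured in the N seconds leading up to (and including) the alerting packet, writing them back out as a small pcap for analysis. The pcap reader/writer, the sample capture, the sample alert line, the signature id and the window length are all constructed here and assume nothing about a particular deployment.

```python
import io
import json
import struct
from datetime import datetime

# libpcap file-format constants (classic pcap, not pcapng)
PCAP_MAGIC_USEC = 0xA1B2C3D4   # timestamps in microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D   # timestamps in nanoseconds
GLOBAL_HDR_FMT = "IHHiIII"     # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PKT_HDR_FMT = "IIII"           # ts_sec, ts_frac, incl_len, orig_len


def read_pcap(data):
    """Yield (epoch_seconds, packet_bytes) for every record of an in-memory libpcap file.
    Handles both byte orders and both the microsecond and nanosecond variants."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = "<"
    if magic not in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        magic = struct.unpack_from(">I", data, 0)[0]
        endian = ">"
        if magic not in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            raise ValueError("not a libpcap file")
    frac_div = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    offset = struct.calcsize(endian + GLOBAL_HDR_FMT)
    hdr_size = struct.calcsize(endian + PKT_HDR_FMT)
    while offset + hdr_size <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(endian + PKT_HDR_FMT, data, offset)
        offset += hdr_size
        pkt = data[offset:offset + incl_len]
        if len(pkt) != incl_len:
            raise ValueError("truncated packet record at offset %d" % offset)
        offset += incl_len
        yield ts_sec + ts_frac / frac_div, pkt


def write_pcap(packets, linktype=1):
    """Serialise (epoch_seconds, packet_bytes) pairs as a little-endian, usec libpcap file.
    linktype 1 is Ethernet."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, linktype))
    for ts, pkt in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out.write(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)))
        out.write(pkt)
    return out.getvalue()


def alert_timestamp(eve_line):
    """Epoch timestamp of one EVE JSON event line (Suricata format, e.g. 2017-03-01T04:41:07.000000+0000)."""
    event = json.loads(eve_line)
    return datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def packets_before(pcap_data, alert_ts, window):
    """Packets captured within `window` seconds before the alert, up to and including the alert time."""
    return [(ts, pkt) for ts, pkt in read_pcap(pcap_data)
            if alert_ts - window <= ts <= alert_ts]


def carve_context(pcap_data, eve_line, window=20.0):
    """Carve the pre-alert context out of a full-capture pcap and return it as a new pcap file."""
    return write_pcap(packets_before(pcap_data, alert_timestamp(eve_line), window))


# --- constructed sample data (not real traffic or a real signature) ---
ALERT_EPOCH = 1488343267  # 2017-03-01T04:41:07Z
SAMPLE_EVE_ALERT = json.dumps({
    "timestamp": "2017-03-01T04:41:07.000000+0000",
    "event_type": "alert",
    "src_ip": "192.0.2.10", "dest_ip": "198.51.100.20",
    "alert": {"signature_id": 1000001, "signature": "constructed test signature"},
})
SAMPLE_PCAP = write_pcap([
    (ALERT_EPOCH - 30, b"\x00" * 60),   # outside a 20-second window
    (ALERT_EPOCH - 10, b"\x01" * 60),   # preceding context
    (ALERT_EPOCH - 2.5, b"\x02" * 60),  # preceding context
    (ALERT_EPOCH, b"\x03" * 60),        # the packet that triggered the alert
    (ALERT_EPOCH + 5, b"\x04" * 60),    # after the alert: what 'tag' already covers
])

if __name__ == "__main__":
    with open("alert_context.pcap", "wb") as fh:   # hypothetical output file name
        fh.write(carve_context(SAMPLE_PCAP, SAMPLE_EVE_ALERT))
```

Two practical caveats: the ring buffer must be retained long enough that the file covering the alert time still exists when the alert is reviewed (size the buffer against retention, not just disk), and the capture and alert clocks must agree, so the window should be generous enough to absorb any skew between the capturing host and the sensor.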