[Oisf-users] Log packets BEFORE a triggered packet.

Jason Williams jwilliams at emergingthreats.net
Wed Mar 1 16:16:08 UTC 2017

I believe constant full packet capture w/ suri or something such as moloch
may be the answer for this.

I've deployed suri and moloch in tandem for this purpose, until
precognition makes its way to the suricata stack. :)


On Wed, Mar 1, 2017 at 4:41 AM, oleg gv <oagvozd at gmail.com> wrote:

>  Hello !
> How I can log packets BEFORE the packet that  trgigered a rule ? "Tag"
> rule option can log packets AFTER activation-packet, but I need to log
> BEFORE it.
> May be there is a patch for it ?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170301/61ae14e7/attachment-0002.html>

More information about the Oisf-users mailing list