[Oisf-users] logging packets on alerts only

[Jeff Dyke]

I've read the docs regarding pcap.log, but was curious if i could log only
packets that generate an alert (not a drop). I may have missed something in
the eve configuration. It would not be the end of the world to use pcap,
but wanted to make sure i wasn't missing something obvious.

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171031/5644cdbb/attachment.html>