[Oisf-users] logging packets on alerts only

Cooper F. Nelson cnelson at ucsd.edu
Tue Oct 31 17:04:02 UTC 2017

Enabled the Unified2 logging and then extract the pcaps with u2boat
(ships with snort).


On 10/31/2017 7:42 AM, Jeff Dyke wrote:
> I've read the docs regarding pcap.log, but was curious if i could log
> only packets that generate an alert (not a drop). I may have missed
> something in the eve configuration. It would not be the end of the
> world to use pcap, but wanted to make sure i wasn't missing something
> obvious.
> Thanks!
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171031/ce49c467/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171031/ce49c467/attachment-0002.sig>

More information about the Oisf-users mailing list