[Oisf-users] logging packets on alerts only

Jeff Dyke jeff.dyke at gmail.com
Tue Oct 31 18:07:50 UTC 2017

Thanks Cooper, that seems like the bit i was missing, as expected it was
right in front of me.  I'll try that out.

Thanks again,

On Tue, Oct 31, 2017 at 1:04 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Enabled the Unified2 logging and then extract the pcaps with u2boat (ships
> with snort).
> -Coop
> On 10/31/2017 7:42 AM, Jeff Dyke wrote:
> I've read the docs regarding pcap.log, but was curious if i could log only
> packets that generate an alert (not a drop). I may have missed something in
> the eve configuration. It would not be the end of the world to use pcap,
> but wanted to make sure i wasn't missing something obvious.
> Thanks!
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Teamcnelson at ucsd.edu x41042
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171031/d7416a21/attachment-0002.html>

More information about the Oisf-users mailing list