[Oisf-users] logging packets on alerts only

Jeff Dyke jeff.dyke at gmail.com
Tue Oct 31 18:07:50 UTC 2017


Thanks Cooper, that seems like the bit I was missing; as expected, it was
right in front of me.  I'll try that out.

Thanks again,
Jeff

On Tue, Oct 31, 2017 at 1:04 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Enable the Unified2 logging and then extract the pcaps with u2boat (ships
> with snort).
>
> -Coop
>
> On 10/31/2017 7:42 AM, Jeff Dyke wrote:
>
> I've read the docs regarding pcap.log, but was curious if I could log only
> packets that generate an alert (not a drop). I may have missed something in
> the eve configuration. It would not be the end of the world to use pcap,
> but wanted to make sure I wasn't missing something obvious.
>
> Thanks!
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>
>
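The two-step approach Cooper describes (enable Unified2 output in Suricata, then convert the resulting files to pcap with Snort's u2boat) can be expressed as the following suricata.yaml fragment. This is an added example and not configuration posted by either participant; the section names and keys (`unified2-alert`, `enabled`, `filename`, `limit`, `sensor-id`, `payload`, and the `eve-log` `alert` sub-keys `payload` and `packet`) are the ones shipped in the Suricata 4.x default suricata.yaml, while the file names and size limit are values chosen for illustration. The `eve-log` alert section is included because Jeff's original question asked about the eve configuration: setting `packet: yes` on the alert output writes the base64-encoded triggering packet into each alert record, which gives alert-only packet capture without a separate file format.

```yaml
# Added example (not from the thread). Excerpt of the "outputs:" list in a
# Suricata 4.x suricata.yaml; only the keys relevant to alert-only packet
# logging are shown, with illustrative values.
outputs:
  # Option 1 (Cooper's suggestion): Unified2 alert records carrying the
  # packet. Files land in default-log-dir as unified2.alert.<unix-timestamp>
  # and are converted with u2boat afterwards.
  - unified2-alert:
      enabled: yes
      filename: unified2.alert
      # Rotate when a file reaches this size; value is illustrative.
      limit: 32mb
      sensor-id: 0
      # Keep the packet payload in each record so u2boat has something
      # to write into the pcap.
      payload: yes

  # Option 2 (the eve route Jeff asked about): embed the alerting packet
  # in the EVE JSON alert record instead of a separate Unified2 file.
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert:
            # base64 of the packet payload (and a printable copy)
            payload: yes
            payload-printable: yes
            # base64 of the full packet that triggered the alert
            packet: yes
```

Usage note for option 1: u2boat takes an input Unified2 file and an output file name, so after some alerts have fired, `u2boat /var/log/suricata/unified2.alert.1509468000 alerts.pcap` (the timestamp suffix is illustrative; use the real file names in your log directory) produces a pcap containing only packets that generated alerts, which is the behaviour Jeff asked for. One caveat worth knowing before adopting option 1: the Unified2 output was deprecated in Suricata 4.1 and removed in 5.0, so on current releases the eve-log `packet: yes` route in option 2 is the supported way to get per-alert packets, and a consumer then has to base64-decode the `packet` field to recover the bytes.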
