[Oisf-users] Issue when using directory for offline pcap mode

Eric Urban eurban at umn.edu
Tue Feb 27 23:21:03 UTC 2018


The documentation at
http://suricata.readthedocs.io/en/latest/command-line-options.html#cmdoption-r
states that "Run in pcap offline mode reading files from pcap file. If
<path> specifies a directory, all files in that directory will be processed
in order of modified time maintaining flow state between files."

When I try to specify a directory that contains several pcap files, using
a command like "sudo suricata -r pcaps/", I get the error:
27/2/2018 -- 22:32:45 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - error
reading dump file: Is a directory

Does anyone know if I am doing something wrong, as it seems from the
documentation that this should work?

Thank you,

Eric Urban
University Information Security | Office of Information Technology |
it.umn.edu
University of Minnesota | umn.edu
eurban at umn.edu