Bug #1855
closedalert number output
Added by Peter Manev over 9 years ago. Updated over 8 years ago.
When using Suricata 3.0.1, if you want to do a fast check on a pcap you could simply run Suricata:
....
29/7/2016 -- 00:46:50 - <Notice> - Signal Received. Stopping engine.
29/7/2016 -- 00:46:50 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
29/7/2016 -- 00:46:50 - <Info> - preallocated 1024 packets. Total memory 3606528
29/7/2016 -- 00:46:50 - <Info> - time elapsed 0.882s
29/7/2016 -- 00:46:50 - <Info> - 1 flows processed
29/7/2016 -- 00:46:50 - <Notice> - Pcap-file module read 127 packets, 1072968 bytes
29/7/2016 -- 00:46:50 - <Info> - Stream TCP processed 127 TCP packets
29/7/2016 -- 00:46:50 - <Info> - Fast log output wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - Alert unified2 module wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - HTTP logger logged 2 requests
It seems this is missing in 3.1.1 and necessitates an additional validation check through the logs to confirm alerting etc.
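An added example (not from the bug report or from the Suricata project) of the validation check the report describes: parse the shutdown counters from suricata.log in the format quoted above and, when the "Fast log output wrote N alerts" line is absent, fall back to counting alert records in eve.json. The log samples, the eve.json sample and the module names listed in COUNTER_RE are constructed from the lines above and are assumptions, not Suricata's documented API.

```python
import json
import re

# Shutdown-summary line shape as quoted in the bug report above (constructed regex).
SUMMARY_RE = re.compile(r"^\S+ -- \S+ - <(?P<level>\w+)> - (?P<msg>.*)$")
# Output-module counters seen in that log; module names are taken from the report.
COUNTER_RE = re.compile(
    r"^(?P<module>Fast log output|Alert unified2 module|HTTP logger) "
    r"(?:wrote|logged) (?P<n>\d+) (?:alerts|requests)$"
)

def parse_summary(log_text):
    """Return {module: count} for counters found in suricata.log text; absent lines are absent keys."""
    counts = {}
    for line in log_text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if not m:
            continue
        c = COUNTER_RE.match(m.group("msg"))
        if c:
            counts[c.group("module")] = int(c.group("n"))
    return counts

def count_eve_alerts(eve_text):
    """Fallback: count event_type == "alert" records in EVE JSON (one JSON object per line)."""
    n = 0
    for line in eve_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:  # skip blank or truncated lines
            continue
        if isinstance(rec, dict) and rec.get("event_type") == "alert":
            n += 1
    return n

def alert_count(log_text, eve_text):
    """Prefer the engine's own counter; fall back to eve.json when the line is missing."""
    counts = parse_summary(log_text)
    if "Fast log output" in counts:
        return counts["Fast log output"], "summary"
    return count_eve_alerts(eve_text), "eve.json"

# Constructed samples: a 3.0.1-style log with the counter, a 3.1.1-style log without it.
LOG_301 = """29/7/2016 -- 00:46:50 - <Info> - time elapsed 0.882s
29/7/2016 -- 00:46:50 - <Info> - Fast log output wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - Alert unified2 module wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - HTTP logger logged 2 requests"""
LOG_311 = "29/7/2016 -- 00:46:50 - <Info> - time elapsed 0.882s"
EVE = "\n".join(json.dumps({"event_type": t}) for t in ["flow", "alert", "http", "alert", "alert"])
```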