Bug #1855
closed
- Subject changed from alert number output. to alert number output
When using Suricata 3.0.1, if you want to do a fast check on a pcap you could simply run Suricata -
....
29/7/2016 -- 00:46:50 - <Notice> - Signal Received. Stopping engine.
29/7/2016 -- 00:46:50 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
29/7/2016 -- 00:46:50 - <Info> - preallocated 1024 packets. Total memory 3606528
29/7/2016 -- 00:46:50 - <Info> - time elapsed 0.882s
29/7/2016 -- 00:46:50 - <Info> - 1 flows processed
29/7/2016 -- 00:46:50 - <Notice> - Pcap-file module read 127 packets, 1072968 bytes
29/7/2016 -- 00:46:50 - <Info> - Stream TCP processed 127 TCP packets
29/7/2016 -- 00:46:50 - <Info> - Fast log output wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - Alert unified2 module wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - HTTP logger logged 2 requests
and you can see how many alerts/HTTP requests the run generated.
It seems this is missing in 3.1.1 and necessitates an additional validation check through the logs to confirm alerting etc.
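To script the check the report does by eye, here is an added example (not Suricata's own code) that parses the shutdown summary lines quoted above into counters and reports which expected counters are absent, so a pcap run that prints no summary, as described for 3.1.1, fails the check instead of passing silently. The counter names are my own, and the second sample input is constructed.

```python
import re

# One regex per summary line Suricata 3.0.1 prints at shutdown (quoted above).
# Keys are my own names; each pattern captures exactly one integer.
SUMMARY_PATTERNS = {
    "pcap_packets":    re.compile(r"Pcap-file module read (\d+) packets"),
    "pcap_bytes":      re.compile(r"Pcap-file module read \d+ packets, (\d+) bytes"),
    "fast_log_alerts": re.compile(r"Fast log output wrote (\d+) alerts"),
    "unified2_alerts": re.compile(r"Alert unified2 module wrote (\d+) alerts"),
    "http_requests":   re.compile(r"HTTP logger logged (\d+) requests"),
    "flows_processed": re.compile(r"(\d+) flows processed"),
}

def parse_engine_summary(log_text):
    """Return {counter_name: int} for every summary line found in log_text."""
    counters = {}
    for line in log_text.splitlines():
        for name, pattern in SUMMARY_PATTERNS.items():
            match = pattern.search(line)
            if match:
                counters[name] = int(match.group(1))
    return counters

def missing_counters(counters):
    """Counters the check expects but the engine did not report, sorted by name."""
    return sorted(set(SUMMARY_PATTERNS) - set(counters))

# Shutdown excerpt copied from the report (Suricata 3.0.1).
SAMPLE_301 = """\
29/7/2016 -- 00:46:50 - <Notice> - Signal Received. Stopping engine.
29/7/2016 -- 00:46:50 - <Info> - 1 flows processed
29/7/2016 -- 00:46:50 - <Notice> - Pcap-file module read 127 packets, 1072968 bytes
29/7/2016 -- 00:46:50 - <Info> - Fast log output wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - Alert unified2 module wrote 5 alerts
29/7/2016 -- 00:46:50 - <Info> - HTTP logger logged 2 requests
"""

# Constructed stand-in for a run whose per-module summary lines are absent.
SAMPLE_NO_SUMMARY = """\
29/7/2016 -- 00:46:50 - <Notice> - Signal Received. Stopping engine.
29/7/2016 -- 00:46:50 - <Notice> - Pcap-file module read 127 packets, 1072968 bytes
"""

if __name__ == "__main__":
    for sample in (SAMPLE_301, SAMPLE_NO_SUMMARY):
        counters = parse_engine_summary(sample)
        print(counters, "missing:", missing_counters(counters))
```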
- Assignee set to OISF Dev
- Target version set to 70
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Target version changed from 70 to 4.0rc2
- Status changed from Assigned to Closed