Project

General

Profile

Actions
Copy link

Support #2578

closed

How to distinguish the alert

Added by Eric Liu over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

Hi guys,I want to analyze multiple pcap files with suricata. How should I distinguish which pcap file the alert belongs to?

Actions
Copy link
 #1

Updated by Victor Julien over 5 years ago

Simplest way is to specify different output directories (-l <dir> command line). In 4.1 there will be an optional 'pcap_file' field in the eve log.

Actions
Copy link
 #2

Updated by Eric Liu over 5 years ago

set pcap-file: true

Actions
Copy link
 #3

Updated by Eric Liu over 5 years ago

please close this issue

Actions
Copy link
 #4

Updated by Victor Julien over 5 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF