Project

General

Profile

Actions
Copy link

Feature #473

open

pcap log: alert log with packet indexes

Added by Victor Julien over 13 years ago. Updated 7 days ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
medium
Difficulty:
medium
Label:

Description

A log similar to alert-pcapinfo that lists alerts for the pcap files we write out.

The pcap-log module keeps track of a per pcap file packet index, so when we get an alert, we can log the packet number the alert was generated for.

Should log: sid,gid,rev,5tuple,packet number.

Related issues 2 (2 open0 closed)

Related to Suricata - Task #7336: Suricon 2024 brainstormAssignedVictor JulienActions
Related to Suricata - Task #8123: Suricon 2025 BrainstormAssignedVictor JulienActions
Actions
Copy link
 #1

Updated by Jason Ish over 7 years ago

  • Effort set to medium
  • Difficulty set to medium
Actions
Copy link
 #2

Updated by Andreas Herz over 6 years ago

  • Assignee set to Community Ticket
Actions
Copy link
 #3

Updated by Philippe Antoine over 2 years ago

  • Status changed from New to Closed

We have pcap_cnt in eve.json alert events.

Feel free to reopen of there is more to do

Actions
Copy link
 #4

Updated by Victor Julien over 2 years ago

  • Status changed from Closed to New

pcap_cnt is only about the packet index on the input side, not the output side

Actions
Copy link
 #5

Updated by Philippe Antoine over 2 years ago

So, is this when we do conditional pcap logging on an alert ?

Actions
Copy link
 #6

Updated by Victor Julien about 1 year ago

  • Related to Task #7336: Suricon 2024 brainstorm added
Actions
Copy link
 #7

Updated by Juliana Fajardini Reichow 7 days ago

  • Related to Task #8123: Suricon 2025 Brainstorm added
Actions
Copy link
 #8

Updated by Juliana Fajardini Reichow 7 days ago

Discussed briefly on Brainstorm 2025: it's nice, but we would wait for someone from the community to take upon this one.

Actions
Copy link

Also available in: Atom PDF