Actions
Feature #473
open
VJ
CT
pcap log: alert log with packet indexes
Feature #473:
pcap log: alert log with packet indexes
Effort:
medium
Difficulty:
medium
Label:
Description
A log similar to alert-pcapinfo that lists alerts for the pcap files we write out.
The pcap-log module keeps track of a per pcap file packet index, so when we get an alert, we can log the packet number the alert was generated for.
Should log: sid,gid,rev,5tuple,packet number.
JI Updated by Jason Ish almost 8 years ago
- Effort set to medium
- Difficulty set to medium
AH Updated by Andreas Herz almost 7 years ago
- Assignee set to Community Ticket
PA Updated by Philippe Antoine over 2 years ago
- Status changed from New to Closed
We have pcap_cnt in eve.json alert events.
Feel free to reopen of there is more to do
VJ Updated by Victor Julien over 2 years ago
- Status changed from Closed to New
pcap_cnt is only about the packet index on the input side, not the output side
PA Updated by Philippe Antoine over 2 years ago
So, is this when we do conditional pcap logging on an alert ?
VJ Updated by Victor Julien over 1 year ago
- Related to Task #7336: Suricon 2024 brainstorm added
JF Updated by Juliana Fajardini Reichow 5 months ago
- Related to Task #8123: Suricon 2025 Brainstorm added
JF Updated by Juliana Fajardini Reichow 5 months ago
Discussed briefly on Brainstorm 2025: it's nice, but we would wait for someone from the community to take upon this one.
Actions