Project

General

Profile

Actions
Copy link

Feature #473

open

pcap log: alert log with packet indexes

Added by Victor Julien almost 12 years ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
medium
Difficulty:
medium
Label:

Description

A log similar to alert-pcapinfo that lists alerts for the pcap files we write out.

The pcap-log module keeps track of a per pcap file packet index, so when we get an alert, we can log the packet number the alert was generated for.

Should log: sid,gid,rev,5tuple,packet number.

Actions
Copy link
 #1

Updated by Jason Ish almost 6 years ago

  • Effort set to medium
  • Difficulty set to medium
Actions
Copy link
 #2

Updated by Andreas Herz almost 5 years ago

  • Assignee set to Community Ticket
Actions
Copy link
 #3

Updated by Philippe Antoine 9 months ago

  • Status changed from New to Closed

We have pcap_cnt in eve.json alert events.

Feel free to reopen of there is more to do

Actions
Copy link
 #4

Updated by Victor Julien 9 months ago

  • Status changed from Closed to New

pcap_cnt is only about the packet index on the input side, not the output side

Actions
Copy link
 #5

Updated by Philippe Antoine 9 months ago

So, is this when we do conditional pcap logging on an alert ?

Actions
Copy link

Also available in: Atom PDF