Project

General

Profile

Actions

Feature #473

open

pcap log: alert log with packet indexes

Added by Victor Julien over 12 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Target version:
Effort:
medium
Difficulty:
medium
Label:

Description

A log similar to alert-pcapinfo that lists alerts for the pcap files we write out.

The pcap-log module keeps track of a per pcap file packet index, so when we get an alert, we can log the packet number the alert was generated for.

Should log: sid,gid,rev,5tuple,packet number.


Related issues 1 (1 open0 closed)

Related to Suricata - Task #7336: Suricon 2024 brainstormNewVictor JulienActions
Actions

Also available in: Atom PDF