Actions
Optimization #5643
open
JI
OD
pcap: rule based conditional pcap logging
Optimization #5643:
pcap: rule based conditional pcap logging
Description
Allow conditional pcap logging to be configured at the rule level, something like:
config:logging disable, type pcap, scope flow;
Use case: Some rules are more informational than actionable and might not make sense to trigger pcap logging, and in some cases conditional pcap logging may even be too much.
VJ Updated by Victor Julien over 3 years ago
- Description updated (diff)
JF Updated by Juliana Fajardini Reichow over 1 year ago
- Related to Bug #7391: detect/config: 'scope' can't be applied to 'flow' added
Actions