Optimization #5643: pcap: rule based conditional pcap logging - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #5643

open

pcap: rule based conditional pcap logging

Added by Jason Ish about 2 years ago. Updated about 2 years ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Allow conditional pcap logging to be configured at the rule level, something like:

config:logging disable, type pcap, scope flow;

Use case: Some rules are more informational than actionable and might not make sense to trigger pcap logging, and in some cases conditional pcap logging may even be too much.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Updated by Victor Julien about 2 years ago

Description updated (diff)

Actions

Copy link

Updated by Juliana Fajardini Reichow 9 days ago

Related to Bug #7391: detect/config: 'scope' can't be applied to 'flow' added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Optimization #5643

pcap: rule based conditional pcap logging

Updated by Victor Julien about 2 years ago

Updated by Juliana Fajardini Reichow 9 days ago