Suricata

Allow conditional pcap logging to be configured at the rule level, something like:

config:logging disable, type pcap, scope flow;

Use case: Some rules are more informational than actionable and might not make sense to trigger pcap logging, and in some cases conditional pcap logging may even be too much.