Optimization #5643: pcap: rule based conditional pcap logging - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #5643

open

JI OD

pcap: rule based conditional pcap logging

Optimization #5643: pcap: rule based conditional pcap logging

Added by Jason Ish over 3 years ago. Updated over 3 years ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Allow conditional pcap logging to be configured at the rule level, something like:

config:logging disable, type pcap, scope flow;

Use case: Some rules are more informational than actionable and might not make sense to trigger pcap logging, and in some cases conditional pcap logging may even be too much.

Related issues 1 (1 open — 0 closed)

History
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries