Project

General

Profile

Actions
Copy link

Documentation #5891

open

userguide: explain different log save directory in offline mode

Added by Juliana Fajardini Reichow about 2 years ago. Updated 3 months ago.

Status:
Assigned
Priority:
Low
Assignee:
OISF Dev
Target version:
8.0.0-rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

To prevent conflicts in the logs, when reading from a pcap (offline mode), Suri will save the logs to the current directory.

This is counter-intuitive and as far as I could see, not documented anywhere.

I saw this presented as a bug of sorts in https://stackoverflow.com/questions/61132410/how-to-run-suricata-on-pcap-mode-and-get-results-in-fast-log/67525274#67525274

Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow about 2 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow almost 2 years ago

  • Status changed from New to Assigned
Actions
Copy link
 #3

Updated by Victor Julien almost 2 years ago

  • Priority changed from Normal to Low
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow almost 2 years ago

  • Target version changed from 7.0.0 to 7.0.1
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow over 1 year ago

  • Target version changed from 7.0.1 to 7.0.2
Actions
Copy link
 #6

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.2 to 7.0.3
Actions
Copy link
 #7

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.3 to 8.0.0-beta1
Actions
Copy link
 #8

Updated by Victor Julien 10 months ago

  • Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions
Copy link
 #9

Updated by Victor Julien 3 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link

Also available in: Atom PDF