Project

General

Profile

Actions
Copy link

Documentation #5891

open

userguide: explain different log save directory in offline mode

Added by Juliana Fajardini Reichow 7 months ago. Updated 27 days ago.

Status:
Assigned
Priority:
Low
Assignee:
Juliana Fajardini Reichow
Target version:
7.0.2
Affected Versions:
Effort:
Difficulty:
Label:

Description

To prevent conflicts in the logs, when reading from a pcap (offline mode), Suri will save the logs to the current directory.

This is counter-intuitive and as far as I could see, not documented anywhere.

I saw this presented as a bug of sorts in https://stackoverflow.com/questions/61132410/how-to-run-suricata-on-pcap-mode-and-get-results-in-fast-log/67525274#67525274

Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow 7 months ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow 4 months ago

  • Status changed from New to Assigned
Actions
Copy link
 #3

Updated by Victor Julien 4 months ago

  • Priority changed from Normal to Low
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow 3 months ago

  • Target version changed from 7.0.0 to 7.0.1
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 27 days ago

  • Target version changed from 7.0.1 to 7.0.2
Actions
Copy link

Also available in: Atom PDF