Documentation #5891
openuserguide: explain different log save directory in offline mode
Description
To prevent conflicts in the logs, when reading from a pcap (offline mode), Suri will save the logs to the current directory.
This is counter-intuitive and, as far as I could see, not documented anywhere.
I saw this presented as a bug of sorts in https://stackoverflow.com/questions/61132410/how-to-run-suricata-on-pcap-mode-and-get-results-in-fast-log/67525274#67525274