Project

General

Profile

Actions
Copy link

Support #6301

closed

pcap capture

Added by Nguyen Cuong 3 months ago. Updated 23 days ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Affected Versions:
7.0.2
Label:
Beginner

Description

Hi, when I search the information how can I only save data captured (captured it to pcap files) which match with alerts (rule) in suricata, but I can find any idea of this one. So, I wanna know how can i save only data captured which match with alerts in suricata and how it work, thanks

Actions
Copy link
 #1

Updated by Philippe Antoine 23 days ago

  • Status changed from New to Closed

Please use https://forum.suricata.io for support questions such as this

You may want to see conditional pcap logging referenced in https://docs.suricata.io/en/latest/configuration/suricata-yaml.html

Actions
Copy link

Also available in: Atom PDF