Project

General

Profile

Actions
Copy link

Support #6642

open

Arkime real-time reading of suricata alert pcap

Added by Roaming White 4 months ago. Updated 4 months ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Affected Versions:
Label:

Description

I want to read the pcap packets of suricata alert through arkime in real time, but I found that there are multiple threads writing data to multiple pcap packets at the same time using suricata, using the command 

/opt/arkime/bin/capture -c /opt/arkime/etc/config .ini -R /lingtian/logs/suricata/pcapdir/ --monitor --skip
command can't realize the function of reading pcap in real time by arkime, may I know how to realize arkime to read pcap in real time by suricata?

Actions
Copy link
 #1

Updated by Victor Julien 4 months ago

  • Tracker changed from Bug to Support
  • Assignee changed from OISF Dev to Community Ticket
  • Target version deleted (TBD)

I think the Arkime support channels are probably better suited for this question.

Actions
Copy link

Also available in: Atom PDF