Support #6642
closed
Arkime real-time reading of suricata alert pcap
Description
I want to read the pcap packets of Suricata alerts through Arkime in real time, but I found that Suricata has multiple threads writing data to multiple pcap packets at the same time. Using the command
/opt/arkime/bin/capture -c /opt/arkime/etc/config.ini -R /lingtian/logs/suricata/pcapdir/ --monitor --skip
does not achieve real-time reading of the pcap by Arkime. May I know how to make Arkime read the Suricata pcap in real time?