Project

General

Profile

Bug #3390

Updated by Victor Julien over 4 years ago

When I using this command "suricata -c xxx.yaml -r xxx.pcap", the output eve-log generates pcap_filname in every line. 

 But when i using "suricata -c xxx.yaml --unix-socket" and 'suricatasc xxx.socket -c "pcap-file test.pcap /home/pcap/"', the output eve-log does not has "pcap_filename", the log sample is as follows: 

 <pre><code class="javascript"> 
 {"timestamp":"2019-08-27T10:54:02.199286+0800","flow_id":1803132955396726,"pcap_cnt":1523,"event_type":"dns","src_ip":"10.x.x.x","src_port":64800,"dest_ip":"192.x.x.x","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10166,"rrname":"xxx.com","rrtype":"A","tx_id":0}} 
 </code></pre> 

 How can I fix this?

Back