- Suricata version 7.0.10
- Operating system CentOS
- How you installed Suricata (from source)

The above is my configuration file. Currently, it only puts all the original traffic into one pcap file. I would like each alarm to have its own independent pcap file to facilitate further investigation.
How should I adjust the configuration file?