Hello, I am using the new feature “Conditional PCAP” on Suricata v.7.rc1 to log alert packets. I run Suricata with pcap-log enabled and conditional set to alerts. My Suricata instance is used only to process PCAPs with pcap-file-continuous enabled. After a few months of testing this feature, I en…

Conditional pcap-log fails to log packets for some alerts when using "pcap-file-continuous" flag

Jackojack7 (Jackojack7) June 11, 2023, 7:50am 6

@Eric_Leblond you need more examples of the missed alerts?

Topic		Replies	Views
Conditional PCAP may not log packets for all alerts	1	634	April 29, 2023
Capture file not always exsits for alerts (Suricata v.7 Conditional PCAP)	4	513	April 23, 2023
Conditional pcap-log max flow size/length	6	770	February 28, 2023
Suricata 7.0 conditional pcap does not record entire flow packets to pcap as expected	6	571	August 1, 2023
Clarification on pcap logging for a single packet Help	3	298	November 18, 2023