Hello, I am using the new feature “Conditional PCAP” on Suricata v.7.rc1 to log alert packets. I run Suricata with pcap-log enabled and conditional set to alerts. My Suricata instance is used only to process PCAPs with pcap-file-continuous enabled. After a few months of testing this feature, I en…

Conditional pcap-log fails to log packets for some alerts when using "pcap-file-continuous" flag

Jackojack7 (Jackojack7) June 11, 2023, 7:50am 6

@Eric_Leblond you need more examples of the missed alerts?

Topic		Replies	Views
Conditional PCAP may not log packets for all alerts	1	520	April 29, 2023
Capture file not always exsits for alerts (Suricata v.7 Conditional PCAP)	4	431	April 23, 2023
Conditional pcap-log max flow size/length	6	596	February 28, 2023
Clarification on pcap logging for a single packet Help	3	191	November 18, 2023
File handles generated by the pcap-log module are not broken Help suricata	0	59	March 26, 2024