This should be deleted as now I have a better understanding of the problem and I rephrased the question here - Conditional pcap-log fails to log packets for some alerts when using "pcap-file-continuous" flag
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
|
Capture file not always exsits for alerts (Suricata v.7 Conditional PCAP)
|
4 | 513 | April 23, 2023 | |
| Conditional pcap-log fails to log packets for some alerts when using "pcap-file-continuous" flag | 7 | 1092 | July 31, 2023 | |
|
Pcap Capture - Include 3WHS and remaining flow data before TCP/HTTP alert
|
1 | 51 | August 7, 2024 | |
| How to log alert into a pcap | 4 | 844 | July 18, 2023 | |
| FPC when a specific alert is triggered | 2 | 911 | December 10, 2021 |