I would like to know the packet (not stream) at the time the alert was raised, which is difficult to do in 6.0.
I would like to take advantage of the ability to save a PCAP when an ALERT occurs, which was added in 7.0.
Is there any way to associate the alert with the log.pcap?
I tried to use the time when the alert occurred and the timestamp provided by log.pcap.{timestamp}, but the difference in time makes it difficult to connect them accurately.