Hey,
I’m loading an offline pcap using this command “suricata -r”, and it shows that the pcap was loaded successfuly, but i can’t see the traffic from the pcap file in my eve.json / fast.log (also using evebox to manage my alerts, but can’t see the traffic from the pcap file as well),
tried to add the -c /etc/suricata/suricata.yaml as well and it still doesn’t work,
Everything is configured well, and my suricata is working great on a daily / live basis,
appreciate your answers & help!
Hi,
what version are you running, with which config file and how?