I want to use Suricata to capture only HTTP traffic (not analyze it). I do not want to capture any other traffic at all, and I also do not want to analyze the traffic; I just want HTTP traffic to be logged.
I do not want to capture any other traffic since it is unnecessary for me and because it impacts performance and storage.
I have tried configuring suricata.yaml, but I have not been able to solve my problem. Could someone here help me?
Do you literally mean HTTP, or do you mean “web traffic”, which will predominantly be HTTPS these days? HTTPS is encrypted. That means you cannot see the packet payload contents unless you configure MITM (man-in-the-middle) interception using a third-party tool. You can only see source and destination IP addresses and ports – and for now some SNI data.
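For the plain-HTTP case the original question asks about, the two levers in suricata.yaml are a capture-level BPF filter (so non-matching packets are dropped in the kernel before Suricata spends CPU or disk on them) and an EVE output that enables only the http log type. The fragment below is an added example written for this thread, not configuration posted by either participant; it assumes af-packet capture on an interface named eth0 and the key names used by current Suricata 6.x/7.x releases.

```yaml
# Added example (not from the thread): minimal suricata.yaml fragment that
# captures only TCP port 80 and writes only HTTP transaction records.
# Assumptions: af-packet capture on eth0; Suricata 6.x/7.x key names.

af-packet:
  - interface: eth0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    # Kernel-level BPF filter: packets that do not match never reach
    # Suricata, which is what actually saves CPU and storage.
    # Caveat: HTTP on non-standard ports is not captured with this filter.
    bpf-filter: "tcp port 80"

outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        # Only the HTTP transaction log is written; flow, alert, dns, etc.
        # are intentionally left out.
        - http:
            extended: yes        # adds user-agent, referer, content-type...
        # To also record TLS metadata (SNI, certificate subject) for HTTPS
        # on port 443, enable the tls type and widen the BPF filter to
        # "tcp port 80 or tcp port 443". Payload stays encrypted either way.
        # - tls:
        #     extended: yes

# Run without any signatures so no rule-based detection happens; Suricata
# still parses HTTP and writes the http log. One way (assumed invocation):
#   suricata -c suricata.yaml --af-packet -S /dev/null
# Suricata warns that no rules were loaded but keeps running.
```

Because the BPF filter is evaluated before protocol detection, it is the part that reduces load; disabling the other EVE types only reduces what is written. If HTTP on other ports matters to you, widen the port list in the filter rather than dropping it, since Suricata's app-layer detection will still identify HTTP on any port it is allowed to see.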