Pcap-Log filename

Christophe_Dumont · January 28, 2021, 2:46pm

Hello,

How can i remove the pcap-log file’s extension ?
- pcap-log:
enabled: yes
filename: log.pcap
limit: 1000mb
max-files: 2000

and the file’s name :

/var/log/suricata/log.pcap.1611844794

I want the file to be named

/var/log/suricata/log.pcap

suricata --dump-config|grep -e log-dir -e pcap.log
default-log-dir = /var/log/suricata
outputs.7 = pcap-log
outputs.7.pcap-log = (null)
outputs.7.pcap-log.enabled = yes
outputs.7.pcap-log.filename = log.pcap
outputs.7.pcap-log.limit = 1000mb
outputs.7.pcap-log.max-files = 2000
outputs.7.pcap-log.compression = none
outputs.7.pcap-log.mode = normal
outputs.7.pcap-log.use-stream-depth = no
outputs.7.pcap-log.honor-pass-rules = no
outputs.14.file-store.log-dir = files
profiling.pcap-log = (null)
profiling.pcap-log.enabled = yes
profiling.pcap-log.filename = log.pcap
profiling.pcap-log.append = yes

vjulien · January 30, 2021, 7:02am

It doesn’t look like the timestamp suffix can be disabled.

Topic		Replies	Views
Pcap-log filename suffix Help	1	350	January 5, 2022
Can we add an expire variable in the pcap-log settings? Help suricata , pcaps	1	198	March 25, 2024
Suricata crashes when suricata.yaml setting max-file to 1 in pcap-log config Help suricata	4	332	September 13, 2023
PCAP output file issue Help	2	26	September 5, 2024
Conditional PCAP may not log packets for all alerts	1	642	April 29, 2023

Pcap-Log filename

Related topics