Pcap-Log filename

Christophe_Dumont · January 28, 2021, 2:46pm

Hello,

How can i remove the pcap-log file’s extension ?
- pcap-log:
enabled: yes
filename: log.pcap
limit: 1000mb
max-files: 2000

and the file’s name :

/var/log/suricata/log.pcap.1611844794

I want the file to be named

/var/log/suricata/log.pcap

suricata --dump-config|grep -e log-dir -e pcap.log
default-log-dir = /var/log/suricata
outputs.7 = pcap-log
outputs.7.pcap-log = (null)
outputs.7.pcap-log.enabled = yes
outputs.7.pcap-log.filename = log.pcap
outputs.7.pcap-log.limit = 1000mb
outputs.7.pcap-log.max-files = 2000
outputs.7.pcap-log.compression = none
outputs.7.pcap-log.mode = normal
outputs.7.pcap-log.use-stream-depth = no
outputs.7.pcap-log.honor-pass-rules = no
outputs.14.file-store.log-dir = files
profiling.pcap-log = (null)
profiling.pcap-log.enabled = yes
profiling.pcap-log.filename = log.pcap
profiling.pcap-log.append = yes

vjulien · January 30, 2021, 7:02am

It doesn’t look like the timestamp suffix can be disabled.

Topic		Replies	Views
Pcap-log filename suffix Help	1	311	January 5, 2022
Can we add an expire variable in the pcap-log settings? Help suricata , pcaps	1	153	March 25, 2024
Conditional PCAP may not log packets for all alerts	1	492	April 29, 2023
Conditional pcap-log max flow size/length	6	563	February 28, 2023
Conditional pcap-log fails to log packets for some alerts when using "pcap-file-continuous" flag Help suricata	7	852	July 31, 2023

Pcap-Log filename

Related Topics