- Suricata version: 7.0.8
- Operating system and/or Linux distribution: anolis
- How you installed Suricata (from source, packages, something else): from source
I hope Suricata can help me record all http-related traffic and save it as a pcap file, but I use the following configuration in the configuration file and it seems to have no effect.
```
-pcap.log:
enable:yes
filter:“protocol.http”
```
I verified whether the configuration was effective by changing http to dns, but when it was changed to dns, there was still http traffic in the pcap file.
How can I configure it? Thanks.