Dear all, I have a question regarding the traffic options allowed by Suricata. What is the difference between the options Full and Default? I captured some traffic with the two options but I didn’t notice any difference. For both I can find the printable payload after TLS negotiation, even if it’s said that with the Default option Suricata doesn’t capture traffic after TLS profiling. And another question: does anyone have an idea about the Max Size for the pcap-log file? Many thanks
What part of the config are you talking about exactly?