Actions
Feature #1245
closedAdd "drop-only" and "alert-only" option for pcap-log
Effort:
Difficulty:
Label:
Description
It would be nice to have the pcap files for matching rules instead of the whole traffic passed.
What i want to have ist, that i have a rule that was matched to be logged into fast.log and when i want to analyse it i can just use the suitable pcap file.
It would be also ok to have several matched rules gathered into one pcap file.
But i want to prevent insanely huge pcap files with 99% valid traffic wasting the HDD space.
Is this a valid feature request? And if you think it's not too hard to implement can you point me where i could start to write a patch.
Updated by Victor Julien over 10 years ago
- Assignee set to Anonymous
- Priority changed from High to Normal
- Target version changed from 2.0.3 to TBD
Updated by Victor Julien over 10 years ago
Sure, it'd be a welcome contribution.
Updated by Andreas Herz over 1 year ago
- Status changed from New to Closed
now available with conditional pcap
Actions