Support #2578

closed

How to distinguish the alert

Added by Eric Liu about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

Hi guys, I want to analyze multiple pcap files with Suricata. How should I distinguish which pcap file the alert belongs to?

Actions #1

Updated by Victor Julien about 6 years ago

Simplest way is to specify different output directories (-l <dir> command line). In 4.1 there will be an optional 'pcap_file' field in the eve log.
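
The per-pcap output directory approach from comment #1, as an added example that is not part of the original thread or of Suricata's own code: it runs Suricata once per capture with its own `-l` directory, then collects the alerts from each directory's `eve.json` and tags them with the capture name. The `<log_root>/<pcap name>/` layout, the function names, the `source_pcap` key and the default `eve.json` file name are assumptions; the sample events are constructed.

```python
import json
import subprocess
import tempfile
from pathlib import Path


def run_per_pcap(pcaps, log_root, suricata="suricata"):
    """Run Suricata once per pcap, each with its own -l directory."""
    seen = set()
    for pcap in map(Path, pcaps):
        if pcap.name in seen:  # same file name from two folders would share a directory
            raise ValueError(f"duplicate pcap name: {pcap.name}")
        seen.add(pcap.name)
        out_dir = Path(log_root) / pcap.name  # assumed layout: <log_root>/<pcap name>/
        out_dir.mkdir(parents=True, exist_ok=True)
        subprocess.run([suricata, "-r", str(pcap), "-l", str(out_dir)], check=True)


def collect_alerts(log_root):
    """Return every alert under log_root, tagged with the pcap it came from."""
    alerts = []
    for eve in sorted(Path(log_root).glob("*/eve.json")):
        for line in eve.read_text(encoding="utf-8").splitlines():
            try:
                event = json.loads(line)
            except json.JSONDecodeError:
                continue  # blank or truncated line
            if isinstance(event, dict) and event.get("event_type") == "alert":
                event["source_pcap"] = eve.parent.name  # added key, not a Suricata field
                alerts.append(event)
    return alerts


def write_sample(log_root):
    """Write constructed eve.json files standing in for two finished runs."""
    for name, sid in (("a.pcap", 1000001), ("b.pcap", 1000002)):
        out_dir = Path(log_root) / name
        out_dir.mkdir(parents=True, exist_ok=True)
        events = [{"event_type": "flow"}, {"event_type": "alert", "alert": {"signature_id": sid}}]
        lines = [json.dumps(e) for e in events] + ['{"event_type": "al']  # truncated tail
        (out_dir / "eve.json").write_text("\n".join(lines), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        write_sample(root)
        for a in collect_alerts(root):
            print(a["source_pcap"], a["alert"]["signature_id"])
```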

Actions #2

Updated by Eric Liu about 6 years ago

set pcap-file: true

Actions #3

Updated by Eric Liu about 6 years ago

Please close this issue.

Actions #4

Updated by Victor Julien about 6 years ago

  • Status changed from New to Closed