Support #6642
closedArkime real-time reading of suricata alert pcap
Affected Versions:
I want to read the pcap packets of suricata alert through arkime in real time, but I found that there are multiple threads writing data to multiple pcap packets at the same time using suricata, using the command
/opt/arkime/bin/capture -c /opt/arkime/etc/config .ini -R /lingtian/logs/suricata/pcapdir/ --monitor --skip
command can't realize the function of reading pcap in real time by arkime, may I know how to realize arkime to read pcap in real time by suricata?
Updated by Victor Julien about 1 year ago
- Tracker changed from Bug to Support
- Assignee changed from OISF Dev to Community Ticket
- Target version deleted (
I think the Arkime support channels are probably better suited for this question.
Updated by Philippe Antoine 8 months ago
- Status changed from New to Rejected
Closing as Victor said this is a question for Arkime