Feature #7400

open

eve: optionally support logging pcap output file

Added by Victor Julien about 1 month ago.

Status: New
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

In eve records, optionally support logging the pcap log filename that is currently being logged.

Should keep in mind that the order of the output modules is relevant for when the pcap file is rotated.

Additionally needs some thoughts on if the flow should actually track the files, so we could log an array of all the files that logged part of the flow.


Related issues 1 (1 open, 0 closed)

Related to Suricata - Task #7336: Suricon 2024 brainstorm (Status: New, Assignee: Victor Julien)