Packet captures in Suricata

nycaleksey · October 27, 2017, 02:32:52 PM

Hi,

I am running 17.7.7_1 with Suricata enabled, however I can't find an option to capture the traffic that causes the alerts to be generated. Is this feature (saving packet captures of flagged traffic) supported in OPNSense or by Suricata in general? A lot of Suricata alerts are impossible to investigate without being able to review the PCAPs of the traffic.

Thank you,

Aleksey

Packet captures in Suricata

nycaleksey

October 27, 2017, 02:32:52 PM