Author Topic: Suricata 'Enable Packet Log'  (Read 93 times)

JasonAU
Suricata 'Enable Packet Log'
« on: November 28, 2017, 08:20:07 pm »
Hi community

I've enabled 'Enable Packet Log' for my WAN interface. Where will Suricata save this file? I found an empty 'packetcapture.cap' in /root, but I think this is from the pfSense utility to capture packets.

Secondly, what's the quickest way to download the Suricata pcap file, once I find it, onto my Windows machine?
Brisbane Queensland Australia

bmeeks
Re: Suricata 'Enable Packet Log'
« Reply #1 on: November 28, 2017, 09:59:15 pm »
> Hi community
>
> I've enabled 'Enable Packet Log' for my WAN interface. Where will Suricata save this file? I found an empty 'packetcapture.cap' in /root, but I think this is from the pfSense utility to capture packets.
>
> Secondly, what's the quickest way to download the Suricata pcap file, once I find it, onto my Windows machine?

All Suricata log files and packet captures will be stored in /var/log/suricata and sub-directories underneath there.

Bill

JasonAU
Re: Suricata 'Enable Packet Log'
« Reply #2 on: November 29, 2017, 02:13:37 am »
Thank you!

Will be using it to teach myself some things.
Brisbane Queensland Australia