mirror of https://github.com/OISF/suricata
Topics: cybersecurity, ids, intrusion-detection-system, intrusion-prevention-system, ips, network-monitor, network-monitoring, nsm, security, suricata, threat-hunting
This patch adds a new alert format called pcap-info. It aims at providing an easy-to-parse, one-line-per-alert format containing the packet id in the parsed pcap for each alert. This permits adding information inside the pcap parser. This format is made to be used with suriwire, which is a plugin for Wireshark. Its target is to enable the display of Suricata results inside Wireshark. This format doesn't use append mode by default because a clean file is needed to operate with Wireshark. The format is a list of values separated by ':':

Packet number:GID of matching signature:SID of signature:REV of signature:Flow:To Server:To Client:0:0:Message of signature

The two zeros are not yet used values. A candidate for usage is the part of the packet that matched the signature.

14 years ago
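A reader of the pcap-info format described in the commit above, written here as an added example; it is not Suricata's or suriwire's own code. It assumes the nine leading fields (packet number, GID, SID, REV, Flow, To Server, To Client and the two unused zeros) are printed as integers, with the three flag fields as 0/1; the commit message does not spell out their encoding. The important detail for anyone parsing this format is that the signature message is the last field and can itself contain ':', so the line must be split into at most ten pieces rather than on every colon. The sample lines are constructed, not real Suricata output.

```python
"""Parser for the one-line-per-alert pcap-info format (added example, not project code).

Field layout (colon-separated), as given in the commit message:
  Packet number:GID:SID:REV:Flow:To Server:To Client:0:0:Message
The message is the last field and may contain ':' itself, so the line is split
into at most ten pieces and the remainder is kept whole as the message.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

NUM_FIELDS = 10


@dataclass(frozen=True)
class PcapInfoAlert:
    packet_number: int  # frame number in the parsed pcap (1-based in Wireshark)
    gid: int
    sid: int
    rev: int
    flow: int           # assumed 0/1 flag; encoding not stated in the commit message
    to_server: int      # assumed 0/1 flag
    to_client: int      # assumed 0/1 flag
    reserved1: int      # the two "not yet used" zero fields
    reserved2: int
    msg: str


def parse_line(line: str) -> PcapInfoAlert:
    """Parse one pcap-info line; raises ValueError on a malformed line."""
    line = line.rstrip("\r\n")
    # maxsplit keeps any ':' inside the signature message intact
    parts = line.split(":", NUM_FIELDS - 1)
    if len(parts) != NUM_FIELDS:
        raise ValueError(f"expected {NUM_FIELDS} fields, got {len(parts)}: {line!r}")
    try:
        nums = [int(p) for p in parts[:-1]]
    except ValueError as exc:
        raise ValueError(f"non-numeric field in {line!r}") from exc
    return PcapInfoAlert(*nums, msg=parts[-1])


def is_well_formed(line: str) -> bool:
    """True when the line parses, False otherwise (no exception escapes)."""
    try:
        parse_line(line)
        return True
    except ValueError:
        return False


def index_by_packet(lines: Iterable[str]) -> Dict[int, List[PcapInfoAlert]]:
    """Group alerts by pcap packet number.

    A Wireshark-side consumer needs exactly this mapping to attach alerts to
    frames; one packet can carry several alerts, hence the list.
    """
    index: Dict[int, List[PcapInfoAlert]] = {}
    for raw in lines:
        if not raw.strip():
            continue  # tolerate blank lines
        alert = parse_line(raw)
        index.setdefault(alert.packet_number, []).append(alert)
    return index


# Constructed sample output; SIDs and messages are invented for this example.
SAMPLE = """\
12:1:2000001:3:1:1:0:0:0:Example alert without a colon
12:1:2000002:1:1:1:0:0:0:Example alert with a colon: in the message
37:1:2000003:2:0:0:1:0:0:Another example alert
"""

if __name__ == "__main__":
    for pkt, alerts in sorted(index_by_packet(SAMPLE.splitlines()).items()):
        for a in alerts:
            print(f"frame {pkt}: [{a.gid}:{a.sid}:{a.rev}] {a.msg}")
```

Because the format writes a fresh file rather than appending, a consumer can treat packet numbers as indices into the single pcap that produced the file; lines from a different capture would silently point at the wrong frames, so keep the alert file and the pcap together.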
| Path | Last change |
|---|---|
| benches | |
| doc | 15 years ago |
| libhtp | 15 years ago |
| m4 | |
| qa | 14 years ago |
| rules | 14 years ago |
| src | 14 years ago |
| .gitignore | 15 years ago |
| COPYING | |
| ChangeLog | |
| LICENSE | |
| Makefile.am | 15 years ago |
| Makefile.cvs | |
| acsite.m4 | |
| autogen.sh | 16 years ago |
| classification.config | 16 years ago |
| configure.in | 14 years ago |
| depcomp | 16 years ago |
| doxygen.cfg | 14 years ago |
| install-sh | 16 years ago |
| missing | 16 years ago |
| mkinstalldirs | 16 years ago |
| reference.config | 15 years ago |
| suricata.yaml | 14 years ago |