pevma
commented
7 years ago You can use unix-socket to send the pcaps to Suricata for processing.
I think you also would need to mount the pcaps from a directory.
Closed austin-taylor closed 7 years ago
pevma
commented
7 years ago You can use unix-socket to send the pcaps to Suricata for processing.
I think you also would need to mount the pcaps from a directory.
austin-taylor
commented
7 years ago Thank you @pevma
Not sure if this is the appropriate forum for this, so please feel free to redirect me.
I'm trying to run PCAP through the docker image for SELKS, but the suricata.yaml file shows regular suricata settings...
Is there a way to reference the docker image to run suricata... In other words, If I run amsterdam -d ams start it will start suricata just fine, but I want to run PCAP through the docker suricata. What is the best way to do this?