Suricata dose not real timestamp of Pcap file.
7 views
Skip to first unread message
fadi abusafat
Jun 26, 2019, 7:18:46 AM6/26/19
to SELKS
Hi.
I analysed Pcap file by Suricata through suricata -c /etc/suricata/suricata.ymal -r file.pcap --runmode=autofp
I analysed Pcap file by Suricata through suricata -c /etc/suricata/suricata.ymal -r file.pcap --runmode=autofp
I found the time stamp in Eve.json file is current timestamp which it is 2019 while when I checked the real time stamp of Pcap file through tcpdump command, I found it is 2012.
There is a print screen of this problem.
Please, how can I figured Suricata to present the pcap time stamp not current timestamp
There is a print screen of this problem.
Please, how can I figured Suricata to present the pcap time stamp not current timestamp
Reply all
Reply to author
Forward
0 new messages