Abstract: Methods and systems for providing selective packet capture are described. One example method includes identifying a packet capture rule from a set of packet capture rules, the packet capture rule including a trigger condition and an action to perform when the trigger condition is detected; monitoring a network flow to detect whether the network flow satisfies the packet capture rule's trigger condition, wherein monitoring the network flow includes analyzing one or more packets included in the network flow to determine a set of protocol metadata associated with the network flow; and selectively performing the action associated with the packet capture rule on the network flow based on a result of the monitoring.