Actions
Feature #1201
closedFeature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling
file-store metadata in JSON format
Description
Currently we write metadata for filestore like so:
root@LTS-64-1:~# cat /var/log/suricata/files/file.2.meta TIME: 06/08/2014-14:15:08.392536 SRC IP: 31.186.225.23 DST IP: 10.0.2.15 PROTO: 6 SRC PORT: 80 DST PORT: 53064 HTTP URI: /a/11016/26510/105352-2.js?&cb=0.15413070828462816&tk_st=1&rf=http://edition.cnn.com/&rp_s=c&tg_i.site=cnn_international&tg_i.rollup=homepage&tg_i.pagetype=main&p_pos=btf&p_screen_res=1680x945 HTTP HOST: optimized-by.rubiconproject.com HTTP REFERER: http://ads.cnn.com/html.ng/site=cnn_international&cnn_intl_pagetype=main&cnn_intl_position=728x90_bot&cnn_intl_rollup=homepage&page.allowcompete=no¶ms.styles=fs&Params.User.UserID=53944fdb05ba670a3c6b805990008512&transactionID=14022297068343779055472671&tile=895079222045&domId=6c5b4c103152e6e3&kxid=ojke0w8tp&kxseg= HTTP USER AGENT: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 FILENAME: /a/11016/26510/105352-2.js MAGIC: HTML document, ASCII text, with very long lines STATE: CLOSED MD5: 2a5d49f36faaf44d1e115f01bee3f499 SIZE: 2175 root@LTS-64-1:~#
It would be beneficial if we can do JSON format logging as well for the meta files.
Actions