Project

General

Profile

Actions

Feature #1948

closed

allow filestore name configuration options

Added by Duane Howard almost 8 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

It would be useful to configure patterns for file names for file extraction to give us more control over the filenames when using file_store.

Currently we just get file.1, file.2 etc. Setting the file name to a hash (sha256 preferably) would be helpful.


Related issues 2 (1 open1 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup toolingClosedJason Ish06/08/2014Actions
Actions #1

Updated by Victor Julien almost 8 years ago

I like the idea to use the hash as file name. Would a global switch be ok for that?

Actions #2

Updated by Duane Howard almost 8 years ago

For us I think that would be fine. Not sure if others would have the need to be able to specify paths, and/or patterns (timestamps, src/dst, etc.)

Actions #3

Updated by Victor Julien almost 8 years ago

I guess this mean we first start writing to a temporary filename and then when it's done rename the file to the hash name.

Actions #4

Updated by Andreas Herz over 7 years ago

  • Assignee set to Anonymous
  • Target version set to TBD
Actions #5

Updated by Victor Julien almost 7 years ago

  • Related to Task #2309: SuriCon 2017 brainstorm added
Actions #6

Updated by Victor Julien almost 7 years ago

  • Related to Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling added
Actions #7

Updated by Victor Julien almost 7 years ago

  • Status changed from New to Closed
  • Assignee changed from Anonymous to Jason Ish
  • Target version changed from TBD to 4.1beta1

https://github.com/OISF/suricata/pull/3175 implements sha256 hash as file names

Actions

Also available in: Atom PDF