Actions
Feature #1950
openallow configuration of file-store types
Effort:
Difficulty:
Label:
Description
files-json.log seems to get pretty big pretty quickly. It would be nice to be able to configure which types of files it will log. Alternately being able to only log the metadata for stuff with a filestore rule could be useful.
Updated by Victor Julien over 7 years ago
I could imagine 2 types of solutions here:
- add some kind of output filtering to the logger (e.g. pattern/regex match)
- allow rules to control such logging.
Personally I would prefer the latter although it's a more invasive change.
Updated by chris K. over 7 years ago
I noticed this issue with the eve-log also. Enabling file magic and hash logging to syslog for example results in logs for all filetypes despite having only one alert rule for Win32 PE files. I'd like it to only log the PE files.
Updated by Victor Julien over 7 years ago
- Assignee set to Anonymous
- Target version set to TBD
Contributions will be welcomed.
Updated by Victor Julien about 5 years ago
- Related to Feature #1005: conditional logging: controlling what gets logged added
Updated by Victor Julien about 5 years ago
- Related to Feature #2055: Optionally logging on files.json - Not log every file, only certain files that are stored and extracted added
Updated by Philippe Antoine 12 months ago
Have you looked into the config keyword to be able to do this ?
Actions