Feature #2343

open

Add "flush" command to unix socket

Added by Chris Knott about 7 years ago. Updated over 5 years ago.

Status: New
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

If network data is not sent continuously onto a live traffic capturing interface, it can be that some flow information is stuck inside the Suricata engine and will never be written into the logs until other traffic is processed or Suricata is shut down. This is due to the "laziness" of the cleanup procedures in Suricata. By adding a "flush" command to the unix socket interface, it should be possible to trigger the cleanup procedures manually.


Files

test.pcap (7.01 KB), Chris Knott, 02/06/2018 04:44 AM
test_missing_end10.pcap (6.87 KB), Chris Knott, 02/06/2018 04:44 AM
test_end10.pcap (170 Bytes), Chris Knott, 02/06/2018 04:45 AM
single_packet.pcap (345 Bytes), Chris Knott, 02/06/2018 04:45 AM
eve_test2.json (292 KB), Chris Knott, 02/06/2018 04:45 AM
eve_test3.json (289 KB), Chris Knott, 02/06/2018 04:45 AM