Bug #2394
closed
Pcap Directory May Miss Files
Added by Danny Browning almost 7 years ago.
Updated over 6 years ago.
Description
Files that are dropped near to the processing time may be missed due to how pcap directory is advancing time.
- Target version set to TBD
Can you give us more details about that?
- Status changed from New to Assigned
Pcap directory mode was updating last processed time to the incorrect time, which combined with certain parameters (e.g. low poll and delay), files recently dropped in the directory could be missed. Pcap directory mode was also updating last processed time too frequently, which combined with OS precision could cause files to be marked done too early.
https://github.com/OISF/suricata/pull/3127
- Status changed from Assigned to Closed
- Target version changed from TBD to 4.1beta1
Also available in: Atom
PDF