Feature #3212
open
Prevent duplicate pcaps from being re-processed
Description
Hi,
Is there a way for Suricata to keep track of the pcaps that have been processed and not reprocess the same pcap again?
This is in the context of running with the command line option of -r.
Thank you.
Updated by Victor Julien about 5 years ago
What is your use case?
I think this is more a task of tooling around Suricata.
Updated by Andreas Herz about 5 years ago
- Assignee set to Community Ticket
- Target version set to TBD
Updated by Peter Pan about 5 years ago
Victor Julien wrote:
> What is your use case?
> I think this is more a task of tooling around Suricata.
Use case is to look at the different types of traffic patterns in pcaps. But sometimes, the same pcaps get re-submitted for processing by mistake and reviewing the results from Kibana gave the wrong impression of a spike in certain traffic.
This can be handled with more manual care but just wondering if there can be some technical solution. E.g., would using --pcap-file-continuous at least ensure that a pcap with the same filename is not re-processed?
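An added example of the kind of tooling around Suricata suggested in this thread (not code from any participant or from the Suricata project): a wrapper that keys each pcap on the SHA-256 of its content, so a re-submitted copy is skipped even under a different filename. The ledger file, function names and script name are assumptions made for the illustration; `-r` and `-l` are Suricata's pcap-read and log-directory options.

```python
#!/usr/bin/env python3
"""Run `suricata -r` on a pcap only if its content has not been processed before."""
import hashlib
import json
import subprocess
import sys
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash the file content, so a renamed or re-submitted copy yields the same key."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def run_suricata(pcap, log_dir):
    """Offline run: -r reads the pcap, -l sets the output directory."""
    return subprocess.run(["suricata", "-r", str(pcap), "-l", str(log_dir)]).returncode


def process_once(pcaps, ledger_path, log_dir, runner=run_suricata):
    """Process each unseen pcap; return (processed, skipped) lists of paths."""
    ledger_path = Path(ledger_path)
    ledger = json.loads(ledger_path.read_text()) if ledger_path.exists() else {}
    processed, skipped = [], []
    for pcap in map(Path, pcaps):
        digest = sha256_file(pcap)
        if digest in ledger:
            skipped.append(str(pcap))
            continue
        # Record the digest only after a successful run, so failures can be retried.
        if runner(pcap, log_dir) == 0:
            ledger[digest] = str(pcap)
            ledger_path.write_text(json.dumps(ledger, indent=2))
            processed.append(str(pcap))
    return processed, skipped


if __name__ == "__main__":
    # Usage (hypothetical script name): dedup_pcap.py LEDGER.json LOG_DIR a.pcap b.pcap ...
    done, dup = process_once(sys.argv[3:], sys.argv[1], sys.argv[2])
    for p in dup:
        print(f"skipped duplicate: {p}", file=sys.stderr)
```

The ledger is rewritten after every successful run, so an interrupted batch can be restarted without re-processing the pcaps that already finished.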