Feature #3212
open
Prevent duplicate pcaps from being re-processed
Added by Peter Pan about 5 years ago.
Updated about 5 years ago.
Description
Hi,
Is there a way for Suricata to keep track of the pcaps that have been processed and not reprocess the same pcap again?
This is in the context of running with the command line option of -r.
Thank you.
What is your use case?
I think this is more a task of tooling around Suricata.
- Assignee set to Community Ticket
- Target version set to TBD
Victor Julien wrote:
What is your use case?
I think this is more a task of tooling around Suricata.
Use case is to look at the different types of traffic patterns in pcaps. But sometimes, the same pcaps get re-submitted for processing by mistake, and reviewing the results in Kibana gave the wrong impression of a spike in certain traffic.
This can be handled with more manual care, but I am just wondering if there can be some technical solution. E.g., using --pcap-file-continuous will at least ensure that a pcap with the same filename would not be re-processed?
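Added example, not part of the ticket or of Suricata's code: one way to do this in tooling around Suricata is a wrapper that keeps a ledger of SHA-256 content hashes and only hands unseen pcaps to `suricata -r`. It goes beyond filename matching, so a re-submitted pcap is also caught after a rename. The ledger file name and all function names are hypothetical, and `suricata` is assumed to be on the PATH.

```python
import hashlib
import subprocess
import sys
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash the pcap contents so a renamed copy is still recognised."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def load_ledger(ledger):
    """Return the digests already recorded (empty set if no ledger yet)."""
    p = Path(ledger)
    lines = p.read_text().splitlines() if p.exists() else []
    return {ln.split()[0] for ln in lines if ln.strip()}


def run_suricata(pcap):
    """Default runner: offline replay with the -r option from the ticket."""
    return subprocess.run(["suricata", "-r", str(pcap)]).returncode == 0


# The ledger file name is a hypothetical default, not a Suricata convention.
def process_once(pcaps, ledger="processed_pcaps.sha256", runner=run_suricata):
    """Run `runner` on pcaps not in the ledger; return (processed, skipped)."""
    seen = load_ledger(ledger)
    processed, skipped = [], []
    for pcap in pcaps:
        digest = sha256_file(pcap)
        if digest in seen:
            skipped.append(str(pcap))
            continue
        if runner(pcap):  # record only after success so failures can be retried
            with open(ledger, "a") as out:
                out.write(f"{digest}  {pcap}\n")
            seen.add(digest)
            processed.append(str(pcap))
    return processed, skipped


if __name__ == "__main__":
    done, dup = process_once(sys.argv[1:])
    print(f"processed={len(done)} skipped_duplicates={len(dup)}")
```

Logging the skipped list alongside the run makes an accidental re-submission visible before it shows up as a spike in Kibana.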