Feature #4285: Add an optional "active flow timeout" for long lived flows - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4285

open

Add an optional "active flow timeout" for long lived flows

Added by Jeff Weeks almost 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Jeff Weeks

Target version:

Effort:

Difficulty:

Label:

Description

YAF is a flow meter which has a feature whereby every 30minutes a new record is created for a long lived flow.
In order to implement a similar feature in Suricata, a new timeout can be added which, upon expiry, will close the current flow, and open a new one (thus also generating a new flow record)

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4285

Add an optional "active flow timeout" for long lived flows