Bug #449
closed
on-the-fly md5 checksum calculation doesn't work on Daemon mode
Description
I use Suricata for file extraction on FreeBSD 9.0. Suricata does not calculate the md5 checksum value in daemon mode.
The rule file contains just one rule:
alert http any any -> any any (msg:"FILE store all"; filestore; sid:10001; rev:1;)
./src/suricata --build-info
[100351] 10/4/2012 -- 15:16:35 - (suricata.c:502) <Info>
(SCPrintBuildInfo) -- This is Suricata version 1.3dev (rev fbe0206)
[100351] 10/4/2012 -- 15:16:35 - (suricata.c:575) <Info>
(SCPrintBuildInfo) -- Features: UNITTESTS IPFW PCAP_SET_BUFF
LIBPCAP_VERSION_MAJOR=1 HAVE_PACKET_FANOUT LIBNET1.1
HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW
PCRE_JIT HAVE_NSS PROFILING
If Suricata is started with the "-D" option or with the system startup script (/usr/local/etc/rc.d/suricata start),
all files are extracted, but the md5 checksum value is not shown in the "files-json" file.
In daemon mode:
{ "id": 159, "timestamp": "04\/10\/2012-15:31:36.503376", "ipver": 4,
"srcip": "173.194.35.177", "dstip": "192.168.2.3", "protocol": 6,
"sp": 80, "dp": 4175, "http_uri": "\/imghp?hl=en&tab=wi", "http_host":
"www.google.com", "http_referer": "http:\/\/www.google.com\/",
"filename": "\/imghp", "magic": "HTML document text", "state":
"CLOSED", "stored": true, "size": 16661 }
Without the "-D" parameter it works perfectly:
{ "id": 139, "timestamp": "04\/10\/2012-15:33:44.082060", "ipver": 4,
"srcip": "173.194.35.177", "dstip": "192.168.2.3", "protocol": 6,
"sp": 80, "dp": 4178, "http_uri": "\/imghp?hl=en&tab=wi", "http_host":
"www.google.com", "http_referer": "http:\/\/www.google.com\/",
"filename": "\/imghp", "magic": "HTML document text", "state":
"CLOSED", "md5": "6798f92133ba3d3a0aabdf50050ae48a", "stored": true,
"size": 16665 }
Updated by Victor Julien over 12 years ago
- Status changed from New to Assigned
- Assignee set to Peter Manev
Peter, can you try to reproduce this issue on Linux first, if that fails on FreeBSD 9?
Updated by Peter Manev over 12 years ago
I can confirm the same issue on Ubuntu.
No MD5s, but everything else is fine.
Updated by Victor Julien over 12 years ago
- Assignee changed from Peter Manev to Victor Julien
- Target version set to 1.3beta2
Thanks Peter, I'll have a look.
Updated by Victor Julien over 12 years ago
- Status changed from Assigned to Closed
Fixed in the git master.
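
A check for the symptom reported in this issue, added here as an example and not part of the original thread or of Suricata's code: it reads a files-json log as a stream of JSON objects and lists stored, closed files whose record has no "md5" key. The sample records and the function names are constructed, and treating CLOSED as the only state where a digest is expected is an assumption.

```python
import json

# Constructed sample in the files-json shape shown in the report; all values
# are made up. Record 1 shows the daemon-mode symptom (no "md5" key).
SAMPLE_LOG = r'''
{ "id": 1, "timestamp": "04\/10\/2012-15:31:36.503376", "ipver": 4,
"srcip": "192.0.2.10", "dstip": "198.51.100.3", "protocol": 6, "sp": 80,
"dp": 4175, "http_uri": "\/a", "http_host": "example.com", "filename": "\/a",
"magic": "HTML document text", "state": "CLOSED", "stored": true, "size": 100 }
{ "id": 2, "filename": "\/b", "state": "CLOSED",
"md5": "00000000000000000000000000000000", "stored": true, "size": 200 }
{ "id": 3, "filename": "\/c", "state": "TRUNCATED", "stored": false, "size": 5 }
'''


def iter_records(text):
    """Yield each JSON object from a stream of back-to-back objects."""
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        if text[pos].isspace():          # raw_decode() rejects leading whitespace
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            # Partial record (log still being written): resync at the next "{".
            pos = text.find("{", pos + 1)
            if pos == -1:
                return
            continue
        if isinstance(obj, dict):
            yield obj


def missing_md5(text):
    """Return ids of closed, stored files whose record has no "md5" key."""
    # Assumption: a digest is only expected once the file state is CLOSED.
    return [rec.get("id") for rec in iter_records(text)
            if rec.get("stored") and rec.get("state") == "CLOSED"
            and "md5" not in rec]


if __name__ == "__main__":
    print("records without md5:", missing_md5(SAMPLE_LOG))
```

Running it against the log produced in daemon mode and again in foreground mode shows whether the two runs differ only in the missing digest.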