Bug #5374

closed

pcap-log: breaking change in file names

Added by Jason Ish over 2 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

With conditional logging now merged, the output filenames when reading from a pcap are now 0 indexed instead of time indexed, whether or not conditional logging is used.

Ideally there should be no change here as I think the old behaviour is preferable. If this is not possible, a reason for the change and upgrade documentation should be provided.


Related issues 1 (0 open, 1 closed)

Related to Suricata - Feature #120: Capture full session on alert (Closed, Scott Jordan)
#1

Updated by Jason Ish over 2 years ago

  • Related to Feature #120: Capture full session on alert added
#2

Updated by Eric Leblond over 2 years ago

If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.

#3

Updated by Jason Ish over 2 years ago

Eric Leblond wrote in #note-2:

If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.

Correct, in live mode it's OK. However, in 6.0.x, even in pcap mode the file gets a timestamp based on the input packets.

#4

Updated by Victor Julien about 2 years ago

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1
#5

Updated by Victor Julien almost 2 years ago

  • Priority changed from Normal to High
#6

Updated by Jason Ish almost 2 years ago

  • Assignee changed from OISF Dev to Jason Ish
#7

Updated by Victor Julien almost 2 years ago

  • Status changed from New to Assigned
#8

Updated by Jason Ish almost 2 years ago

  • Status changed from Assigned to In Review
#9

Updated by Victor Julien almost 2 years ago

  • Status changed from In Review to Closed
  • Priority changed from High to Normal