Bug #5374
closed
pcap-log: breaking change in file names
Added by Jason Ish over 2 years ago.
Updated almost 2 years ago.
Description
With conditional logging now merged, the output filenames when reading from a pcap are now 0 indexed instead of time indexed, whether or not conditional logging is used.
Ideally there should be no change here as I think the old behaviour is preferable. If this is not possible, a reason for the change and upgrade documentation should be provided.
- Related to Feature #120: Capture full session on alert added
If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.
Eric Leblond wrote in #note-2:
If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.
Correct, in live mode it's OK. However, in 6.0.x, even in pcap mode the file gets a timestamp based on the input packets.
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Priority changed from Normal to High
- Assignee changed from OISF Dev to Jason Ish
- Status changed from New to Assigned
- Status changed from Assigned to In Review
- Status changed from In Review to Closed
- Priority changed from High to Normal