Feature #552: State Reset for multiple pcap processing - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #552

closed

Feature #571: interactive unix socket

State Reset for multiple pcap processing

Added by Matt Jonkman about 12 years ago. Updated almost 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

1.4rc1

Effort:

Difficulty:

Label:

Description

Would it be possible to have a signal that would cause suricata to reset it's flowbits, flowint's, and threshold counters?

The intent is to be able to have a running suricata instance that could be fed traffic from many disparate pcaps for analysis, but not let data or state from one affect the next.

Ideally an event to log this would be useful so post analysis knows the division between pcaps.

Or, if easier, if we could change pcap mode to be able to take a list of pcaps in, and reset between each pcap (as an option, this wouldn't be ideal every time).

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #552

State Reset for multiple pcap processing

Updated by Victor Julien about 12 years ago

Updated by Victor Julien about 12 years ago

Updated by Eric Leblond almost 12 years ago

Updated by Victor Julien almost 12 years ago

Updated by Victor Julien almost 12 years ago

Updated by Victor Julien almost 12 years ago