Bug #1737
Closed
Stats not reset between PCAPs when Suricata runs in socket mode
Description
When running Suricata in Unix Socket mode, stats such as packet count are not reset after each PCAP is scanned. This leads to incorrect/invalid data in the output file which states incorrect packet numbers for fired events.
E.g., I scan a 1000-packet PCAP, then I scan a second 1000-packet PCAP. An event is triggered on packet 500 of PCAP #2, but the output states the packet fired on is 1500, which is not even a valid packet number for that PCAP.
Another statistic not being reset is the file extraction counter.
Updated by Victor Julien over 8 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to 70
Updated by Andrew Brown over 8 years ago
I haven't actually confirmed other statistics, but I have solved the pcap_cnt being incorrect by adding the line
memset(&pcap_g, 0x00, sizeof(pcap_g));
to the first line of
void PcapFileGlobalInit()
in src/source-pcap-file.c
Updated by Victor Julien over 8 years ago
- Status changed from Assigned to Closed
- Assignee changed from Eric Leblond to Andrew Brown
- Target version changed from 70 to 3.0.1
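A minimal C model of the behaviour reported in this issue and of the one-line fix from the comment above, added here as an illustration; it is not Suricata's code. The struct layout and every function name in it are assumptions; only the `pcap_g` variable name and the `memset` line come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the global pcap-file reader state. The single
 * field is assumed for illustration; it is not Suricata's real layout. */
typedef struct {
    uint64_t cnt;   /* packets read so far, reported as the packet number */
} PcapFileGlobalModel;

static PcapFileGlobalModel pcap_g;

/* Per-PCAP init as in the report: state from the previous PCAP survives. */
static void GlobalInitBuggy(void) { }

/* Per-PCAP init with the fix from the comment: zero the global state first. */
static void GlobalInitFixed(void) { memset(&pcap_g, 0x00, sizeof(pcap_g)); }

/* Read npkts packets from one constructed PCAP and return the packet number
 * reported for the event firing on packet event_pkt (0 means no event). */
static uint64_t RunPcap(void (*init)(void), uint64_t npkts, uint64_t event_pkt)
{
    uint64_t reported = 0;
    init();
    for (uint64_t i = 1; i <= npkts; i++) {
        pcap_g.cnt++;
        if (i == event_pkt)
            reported = pcap_g.cnt;
    }
    return reported;
}

/* Two 1000-packet PCAPs submitted back to back to one long-lived process.
 * Returns the number reported for the event on packet 500 of the second. */
uint64_t SecondPcapEventNumber(int fixed)
{
    void (*init)(void) = fixed ? GlobalInitFixed : GlobalInitBuggy;
    memset(&pcap_g, 0, sizeof(pcap_g));   /* fresh process start */
    (void)RunPcap(init, 1000, 0);
    return RunPcap(init, 1000, 500);
}

int main(void)
{
    printf("without reset: %llu\n", (unsigned long long)SecondPcapEventNumber(0));
    printf("with reset:    %llu\n", (unsigned long long)SecondPcapEventNumber(1));
    return 0;
}
```

The model covers only the packet counter; the file extraction counter mentioned in the description is not addressed by the comment's fix and is not modelled here.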