Project

General

Profile

Actions

Bug #1737

closed

Stats not reset between PCAPs when Suricata runs in socket mode

Added by Andrew Brown about 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When running Suricata in Unix Socket mode, stats such as packet count are not reset after each PCAP is scanned. This leads to incorrect/invalid data in the output file which states incorrect packet numbers for fired events.

e.g. I scan a 1000 packet PCAP, then I scan a second 1000 packet PCAP. An event is triggered on packet 500 of PCAP #2, but the output states the packet fired on is 1500 which is not even a valid packet number for that PCAP.

Another statistic not being reset is the file extraction counter.

Actions

Also available in: Atom PDF