Project

General

Profile

Feature #1948

allow filestore name configuration options

Added by Duane Howard over 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

It would be useful to configure patterns for file names for file extraction to give us more control over the filenames when using file_store.

Currently we just get file.1, file.2 etc. Setting the file name to a hash (sha256 preferably) would be helpful.


Related issues

Related to Task #2309: SuriCon 2017 brainstormNewVictor JulienActions
Related to Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup toolingClosedJason Ish06/08/2014Actions
#1

Updated by Victor Julien over 3 years ago

I like the idea to use the hash as file name. Would a global switch be ok for that?

#2

Updated by Duane Howard over 3 years ago

For us I think that would be fine. Not sure if others would have the need to be able to specify paths, and/or patterns (timestamps, src/dst, etc.)

#3

Updated by Victor Julien over 3 years ago

I guess this mean we first start writing to a temporary filename and then when it's done rename the file to the hash name.

#4

Updated by Andreas Herz about 3 years ago

  • Assignee set to Anonymous
  • Target version set to TBD
#5

Updated by Victor Julien over 2 years ago

  • Related to Task #2309: SuriCon 2017 brainstorm added
#6

Updated by Victor Julien over 2 years ago

  • Related to Feature #2303: file-store enhancements (aka file-store v2): deduplication; hash-based naming; json metadata and cleanup tooling added
#7

Updated by Victor Julien over 2 years ago

  • Status changed from New to Closed
  • Assignee changed from Anonymous to Jason Ish
  • Target version changed from TBD to 4.1beta1

https://github.com/OISF/suricata/pull/3175 implements sha256 hash as file names

Also available in: Atom PDF