Actions
Feature #1950
open
DH
CT
allow configuration of file-store types
Feature #1950:
allow configuration of file-store types
Effort:
Difficulty:
Label:
Description
files-json.log seems to get pretty big pretty quickly. It would be nice to be able to configure which types of files it will log. Alternately being able to only log the metadata for stuff with a filestore rule could be useful.
VJ Updated by Victor Julien about 9 years ago
I could imagine 2 types of solutions here:
- add some kind of output filtering to the logger (e.g. pattern/regex match)
- allow rules to control such logging.
Personally I would prefer the latter although it's a more invasive change.
CK Updated by chris K. about 9 years ago
I noticed this issue with the eve-log also. Enabling file magic and hash logging to syslog for example results in logs for all filetypes despite having only one alert rule for Win32 PE files. I'd like it to only log the PE files.
DH Updated by Duane Howard about 9 years ago
Friendly ping on this?
VJ Updated by Victor Julien about 9 years ago
- Assignee set to Anonymous
- Target version set to TBD
Contributions will be welcomed.
AH Updated by Andreas Herz about 7 years ago
- Assignee set to Community Ticket
VJ Updated by Victor Julien over 6 years ago
- Related to Feature #1005: conditional logging: controlling what gets logged added
VJ Updated by Victor Julien over 6 years ago
- Related to Feature #2055: Optionally logging on files.json - Not log every file, only certain files that are stored and extracted added
PA Updated by Philippe Antoine over 2 years ago
Have you looked into the config keyword to be able to do this ?
Actions