Open Information Security Foundation (https://redmine.openinfosecfoundation.org/)
Suricata - Feature #1950: allow configuration of file-store types

Victor Julien (victor@inliniac.net), 2017-02-10T02:34:12Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=7893
<p>I could imagine 2 types of solutions here:</p>
<ol>
<li>add some kind of output filtering to the logger (e.g. pattern/regex match)</li>
<li>allow rules to control such logging.</li>
</ol>
<p>Personally I would prefer the latter although it's a more invasive change.</p>

chris K., 2017-03-17T03:27:31Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=8003
<p>I noticed this issue with the eve-log also. Enabling file magic and hash logging to syslog for example results in logs for all filetypes despite having only one alert rule for Win32 PE files. I'd like it to only log the PE files.</p>

Duane Howard (duane.security@gmail.com), 2017-03-28T12:13:33Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=8036
<p>Friendly ping on this?</p>

Victor Julien (victor@inliniac.net), 2017-03-31T02:37:12Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=8058
<ul><li><strong>Assignee</strong> set to <i>Anonymous</i></li><li><strong>Target version</strong> set to <i>TBD</i></li></ul><p>Contributions will be welcomed.</p>

Andreas Herz (oisf@herzandreas.de), 2019-02-23T22:19:20Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=11242
<ul><li><strong>Assignee</strong> set to <i>Community Ticket</i></li></ul>

Victor Julien (victor@inliniac.net), 2019-09-27T11:42:21Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=13999
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-2 priority-4 priority-default parent" href="/issues/1005">Feature #1005</a>: conditional logging: controlling what gets logged</i> added</li></ul>

Victor Julien (victor@inliniac.net), 2019-09-27T11:42:36Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=14000
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-4 priority-default" href="/issues/2055">Feature #2055</a>: Optionally logging on files.json - Not log every file, only certain files that are stored and extracted</i> added</li></ul>

Philippe Antoine, 2023-11-09T14:07:41Z, https://redmine.openinfosecfoundation.org/issues/1950?journal_id=30801
<p>Have you looked into the <code>config</code> keyword to be able to do this?</p>