Bug #2264
closed
file-store.stream-depth not working as expected when configured to a specfic value
Added by Peter Manev about 7 years ago.
Updated over 5 years ago.
Description
Given the following config below -
outputs.14.file-store.stream-depth = 0
stream.reassembly.depth = 2mb
Suricata will file extract any file any size
Given this other config below -
outputs.14.file-store.stream-depth = 5mb
stream.reassembly.depth = 2mb
Suricata will only extract files which are up to 2mb in size - aka the "stream.reassembly.depth" configured value. However the expected result is the files extracted to be up to 5Mb as configured by "outputs.14.file-store.stream-depth"
Observed on 4.0.1 and latest git master.
- Assignee set to OISF Dev
- Target version set to TBD
- Assignee changed from OISF Dev to Giuseppe Longo
- Related to Bug #2506: filestore v1: with stream-depth not null, files are never truncated added
Is this with filestore v1 or v2?
- Status changed from New to Assigned
- Assignee changed from Giuseppe Longo to Jeff Lucovsky
- Target version changed from TBD to 5.0rc1
- Related to Bug #2495: Stream depth and filestore interaction added
- Related to Support #2369: option force-filestore generate truncated file added
- Assignee changed from Jeff Lucovsky to Victor Julien
- Status changed from Assigned to Closed
- Assignee changed from Victor Julien to Giuseppe Longo
Work was done by Giuseppe.
- Copied to Bug #3633: file-store.stream-depth not working as expected when configured to a specfic value (4.1.x) added
Also available in: Atom
PDF