Bug #2394

closed

Pcap Directory May Miss Files

Added by Danny Browning almost 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal

Description

Files that are dropped near to the processing time may be missed due to how pcap directory is advancing time.

Actions #1

Updated by Andreas Herz over 3 years ago

  • Target version set to TBD

Can you give us more details about that?

Actions #2

Updated by Danny Browning over 3 years ago

  • Status changed from New to Assigned

Pcap directory mode was updating last processed time to the incorrect time, which, combined with certain parameters (e.g. low poll and delay), meant files recently dropped in the directory could be missed. Pcap directory mode was also updating last processed time too frequently, which, combined with OS precision, could cause files to be marked done too early.

https://github.com/OISF/suricata/pull/3127
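
The first failure described in the comment above, as a simplified model added here (not Suricata's code and not the code from the pull request). It assumes a poller that reads files whose modification time lies after the last processed time and at least `delay` before the current poll, and it compares advancing the last processed time to the poll time with advancing it to the newest file actually read. The file names, times and function names are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, not Suricata code. Times are in milliseconds. */
struct pcap_file { const char *name; long mtime; int processed; };

enum advance { TO_POLL_TIME, TO_NEWEST_PROCESSED };

/* One poll: take files with last_processed < mtime <= now - delay,
 * then return the new "last processed" time according to `mode`. */
static long poll_once(struct pcap_file *f, size_t n, long now, long delay,
                      long last_processed, enum advance mode)
{
    long newest = last_processed;
    for (size_t i = 0; i < n; i++) {
        if (f[i].mtime > now) continue;             /* not dropped yet */
        if (f[i].mtime <= last_processed) continue; /* treated as already done */
        if (f[i].mtime > now - delay) continue;     /* too fresh, retry next poll */
        f[i].processed = 1;
        if (f[i].mtime > newest) newest = f[i].mtime;
    }
    return mode == TO_POLL_TIME ? now : newest;
}

/* Replays a constructed timeline and returns how many files were never read. */
int missed_files(enum advance mode)
{
    /* Constructed sample: b.pcap and c.pcap land just before a poll. */
    struct pcap_file files[] = {
        { "a.pcap", 100, 0 }, { "b.pcap", 950, 0 }, { "c.pcap", 1990, 0 },
    };
    size_t n = sizeof files / sizeof files[0];
    long poll = 1000, delay = 100, last_processed = 0;
    int missed = 0;

    for (long now = poll; now <= 5 * poll; now += poll)
        last_processed = poll_once(files, n, now, delay, last_processed, mode);
    for (size_t i = 0; i < n; i++)
        if (!files[i].processed) missed++;
    return missed;
}

int main(void)
{
    printf("advance to poll time:        %d missed\n", missed_files(TO_POLL_TIME));
    printf("advance to newest processed: %d missed\n", missed_files(TO_NEWEST_PROCESSED));
    return 0;
}
```

The model does not cover the second point in the comment: when reported modification times are coarse, a file that shares its timestamp with the last processed time would still be skipped by the strict comparison and needs separate bookkeeping.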

Actions #3

Updated by Victor Julien over 3 years ago

  • Status changed from Assigned to Closed
  • Target version changed from TBD to 4.1beta1