Bug #2493
closedEngineAnalysisRules2 File Output Cannot Be Adjusted
Description
Putting this as a bug since as rule reloads occur, the file will continue to grow without bounds or limits.
EngineAnalysisRules2 uses a hardcoded rules.json file in the default output directory to output rules analysis information. This path and whether or not analysis is output should be configurable.
Updated by Danny Browning over 6 years ago
Related MR: https://github.com/OISF/suricata/pull/3346
This method seems to still be in development, and per documentation should only be called when running with --engine-analysis, so there might be a different solution needed.
Updated by Andreas Herz over 6 years ago
- Assignee set to Danny Browning
- Target version set to TBD
Do you want to work on that further?
Updated by Jacob Masen-Smith over 6 years ago
Is there any particular reason EngineAnalysisRules2 is called where it is? EngineAnalysisRules is called in a completely separate location yet with the same arguments, in a way that respects the `engine-analysis` flag.
Updated by Danny Browning over 6 years ago
I think Jacob's solution is better than mine, although I'm not sure why there is a profiling config section and the command line argument.
Updated by Victor Julien almost 6 years ago
- Status changed from New to Closed
- Assignee deleted (
Danny Browning) - Target version deleted (
TBD)
I believe this has been fixed.