Bug #2493
closed
EngineAnalysisRules2 File Output Cannot Be Adjusted
Added by Danny Browning about 6 years ago.
Updated about 5 years ago.
Description
Putting this as a bug since as rule reloads occur, the file will continue to grow without bounds or limits.
EngineAnalysisRules2 uses a hardcoded rules.json file in the default output directory to output rules analysis information. This path and whether or not analysis is output should be configurable.
Related MR: https://github.com/OISF/suricata/pull/3346
This method seems to still be in development, and per documentation should only be called when running with --engine-analysis, so there might be a different solution needed.
- Assignee set to Danny Browning
- Target version set to TBD
Do you want to work on that further?
Is there any particular reason EngineAnalysisRules2 is called where it is? EngineAnalysisRules is called in a completely separate location yet with the same arguments, in a way that respects the `engine-analysis` flag.
I think Jacob's solution is better than mine, although I'm not sure why there is a profiling config section and the command line argument.
- Status changed from New to Closed
- Assignee deleted (
Danny Browning)
- Target version deleted (
TBD)
I believe this has been fixed.
Also available in: Atom
PDF